{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","type":"deb","namespace":"debian","name":"icu","version":"52.1-8+deb8u7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72717?format=json","vulnerability_id":"VCID-3hng-5n5z-7faw","summary":"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4844.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4844","reference_id":"","reference_type":"","scores":[{"value":"0.11054","scoring_system":"epss","scoring_elements":"0.93584","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11054","scoring_system":"epss","scoring_elements":"0.93594","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1273318","reference_id":"1273318","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1273318"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1919","reference_id":"RHSA-2015:1919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1920","reference_id":"RHSA-2015:1920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1921","reference_id":"RHSA-2015:1921","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1921"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1926","reference_id":"RHSA-2015:1926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1927","reference_id":"RHSA-2015:1927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1928","reference_id":"RHSA-2015:1928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2086","reference_id":"RHSA-2015:2086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2506","reference_id":"RHSA-2015:2506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2507","reference_id":"RHSA-2015:2507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2508","reference_id":"RHSA-2015:2508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2509","reference_id":"RHSA-2015:2509","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2509"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2518","reference_id":"RHSA-2015:2518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"reference_url":"https://usn.ubuntu.com/2784-1/","reference_id":"USN-2784-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2784-1/"},{"reference_url":"https://usn.ubuntu.com/2827-1/","reference_id":"USN-2827-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2827-1/"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2015-4844"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hng-5n5z-7faw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72718?format=json","vulnerability_id":"VCID-6grx-g6uw-yybd","summary":"Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0494.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0494","reference_id":"","reference_type":"","scores":[{"value":"0.05634","scoring_system":"epss","scoring_elements":"0.90506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05634","scoring_system":"epss","scoring_elements":"0.90521","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298906","reference_id":"1298906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298906"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://security.gentoo.org/glsa/201610-08","reference_id":"GLSA-201610-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0049","reference_id":"RHSA-2016:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0050","reference_id":"RHSA-2016:0050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0053","reference_id":"RHSA-2016:0053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0054","reference_id":"RHSA-2016:0054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0055","reference_id":"RHSA-2016:0055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0056","reference_id":"RHSA-2016:0056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0057","reference_id":"RHSA-2016:0057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0067","reference_id":"RHSA-2016:0067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0098","reference_id":"RHSA-2016:0098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0099","reference_id":"RHSA-2016:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0100","reference_id":"RHSA-2016:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0101","reference_id":"RHSA-2016:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"reference_url":"https://usn.ubuntu.com/2884-1/","reference_id":"USN-2884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2884-1/"},{"reference_url":"https://usn.ubuntu.com/2885-1/","reference_id":"USN-2885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2885-1/"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2016-0494"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6grx-g6uw-yybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72724?format=json","vulnerability_id":"VCID-6q8q-9q3y-abhc","summary":"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7868.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7868.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7868","reference_id":"","reference_type":"","scores":[{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77775","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77802","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444098","reference_id":"1444098","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444098"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314","reference_id":"860314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314"},{"reference_url":"https://security.gentoo.org/glsa/201710-03","reference_id":"GLSA-201710-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-03"},{"reference_url":"https://usn.ubuntu.com/3274-1/","reference_id":"USN-3274-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3274-1/"},{"reference_url":"https://usn.ubuntu.com/3274-2/","reference_id":"USN-3274-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3274-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2017-7868"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q8q-9q3y-abhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72727?format=json","vulnerability_id":"VCID-7fz2-29gm-eufm","summary":"An issue was discovered in International Components for Unicode (ICU) for C/C++ through 66.1. An integer overflow, leading to a heap-based buffer overflow, exists in the UnicodeString::doAppend() function in common/unistr.cpp.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10531.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-10531.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10531","reference_id":"","reference_type":"","scores":[{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.74237","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0079","scoring_system":"epss","scoring_elements":"0.7427","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-10531"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10531"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807349","reference_id":"1807349","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1807349"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953747","reference_id":"953747","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953747"},{"reference_url":"https://security.gentoo.org/glsa/202003-15","reference_id":"GLSA-202003-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0738","reference_id":"RHSA-2020:0738","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0738"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0896","reference_id":"RHSA-2020:0896","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0896"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0897","reference_id":"RHSA-2020:0897","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0897"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0901","reference_id":"RHSA-2020:0901","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0901"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0902","reference_id":"RHSA-2020:0902","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0902"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1293","reference_id":"RHSA-2020:1293","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1293"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1317","reference_id":"RHSA-2020:1317","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1317"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1343","reference_id":"RHSA-2020:1343","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1343"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2895","reference_id":"RHSA-2020:2895","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2895"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3084","reference_id":"RHSA-2020:3084","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3084"},{"reference_url":"https://usn.ubuntu.com/4305-1/","reference_id":"USN-4305-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4305-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5830?format=json","purl":"pkg:deb/debian/icu@63.1-6%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-un3w-2ee4-jbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@63.1-6%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/518828?format=json","purl":"pkg:deb/debian/icu@67.1-7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7v8-vz82-6ucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@67.1-7"}],"aliases":["CVE-2020-10531"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7fz2-29gm-eufm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72712?format=json","vulnerability_id":"VCID-8ucv-hrcz-uqau","summary":"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2632.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2632.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2632","reference_id":"","reference_type":"","scores":[{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.8283","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82856","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242394","reference_id":"1242394","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242394"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://security.gentoo.org/glsa/201701-58","reference_id":"GLSA-201701-58","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1228","reference_id":"RHSA-2015:1228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1229","reference_id":"RHSA-2015:1229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1230","reference_id":"RHSA-2015:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1241","reference_id":"RHSA-2015:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1242","reference_id":"RHSA-2015:1242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1243","reference_id":"RHSA-2015:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1485","reference_id":"RHSA-2015:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1486","reference_id":"RHSA-2015:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1488","reference_id":"RHSA-2015:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1526","reference_id":"RHSA-2015:1526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1544","reference_id":"RHSA-2015:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1604","reference_id":"RHSA-2015:1604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1604"},{"reference_url":"https://usn.ubuntu.com/2696-1/","reference_id":"USN-2696-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2696-1/"},{"reference_url":"https://usn.ubuntu.com/2706-1/","reference_id":"USN-2706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2706-1/"},{"reference_url":"https://usn.ubuntu.com/2740-1/","reference_id":"USN-2740-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2740-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2015-2632"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ucv-hrcz-uqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4356?format=json","vulnerability_id":"VCID-9ubw-4yby-v3bp","summary":"arbitrary code execution","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14952.json","reference_id":"","reference_type":"","scores":[{"value":"4.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14952.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14952","reference_id":"","reference_type":"","scores":[{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.86698","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02941","scoring_system":"epss","scoring_elements":"0.8672","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14952"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14952"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:P/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510930","reference_id":"1510930","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1510930"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878840","reference_id":"878840","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=878840"},{"reference_url":"https://security.archlinux.org/ASA-201711-25","reference_id":"ASA-201711-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-25"},{"reference_url":"https://security.archlinux.org/ASA-201711-26","reference_id":"ASA-201711-26","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201711-26"},{"reference_url":"https://security.archlinux.org/AVG-504","reference_id":"AVG-504","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-504"},{"reference_url":"https://security.archlinux.org/AVG-507","reference_id":"AVG-507","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-507"},{"reference_url":"https://usn.ubuntu.com/3458-1/","reference_id":"USN-3458-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3458-1/"},{"reference_url":"https://usn.ubuntu.com/3458-2/","reference_id":"USN-3458-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3458-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5830?format=json","purl":"pkg:deb/debian/icu@63.1-6%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-un3w-2ee4-jbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@63.1-6%252Bdeb10u3"}],"aliases":["CVE-2017-14952"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9ubw-4yby-v3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72719?format=json","vulnerability_id":"VCID-aykx-vyhu-7yfr","summary":"The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6293.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6293","reference_id":"","reference_type":"","scores":[{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.78032","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.7806","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1360339","reference_id":"1360339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1360339"},{"reference_url":"https://security.gentoo.org/glsa/201701-58","reference_id":"GLSA-201701-58","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-58"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2016-6293"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aykx-vyhu-7yfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72715?format=json","vulnerability_id":"VCID-f3kd-641n-17ch","summary":"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4760.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4760","reference_id":"","reference_type":"","scores":[{"value":"0.09686","scoring_system":"epss","scoring_elements":"0.93063","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09686","scoring_system":"epss","scoring_elements":"0.93074","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242447","reference_id":"1242447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242447"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1228","reference_id":"RHSA-2015:1228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1229","reference_id":"RHSA-2015:1229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1230","reference_id":"RHSA-2015:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1241","reference_id":"RHSA-2015:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1242","reference_id":"RHSA-2015:1242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1243","reference_id":"RHSA-2015:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1485","reference_id":"RHSA-2015:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1486","reference_id":"RHSA-2015:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1488","reference_id":"RHSA-2015:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1526","reference_id":"RHSA-2015:1526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1544","reference_id":"RHSA-2015:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1604","reference_id":"RHSA-2015:1604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1604"},{"reference_url":"https://usn.ubuntu.com/2696-1/","reference_id":"USN-2696-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2696-1/"},{"reference_url":"https://usn.ubuntu.com/2706-1/","reference_id":"USN-2706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2706-1/"},{"reference_url":"https://usn.ubuntu.com/2740-1/","reference_id":"USN-2740-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2740-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2015-4760"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3kd-641n-17ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72729?format=json","vulnerability_id":"VCID-f7v8-vz82-6ucj","summary":"A stack buffer overflow was found in Internationl components for unicode (ICU ). While running the genrb binary, the 'subtag' struct overflowed at the SRBRoot::addTag function. This issue may lead to memory corruption and local arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5222.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5222","reference_id":"","reference_type":"","scores":[{"value":"0.00033","scoring_system":"epss","scoring_elements":"0.1026","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-5222"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5222"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106684","reference_id":"1106684","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1106684"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368600","reference_id":"2368600","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2368600"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2025-5222","reference_id":"CVE-2025-5222","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2025-5222"},{"reference_url":"https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957","reference_id":"ICU-22957","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/"}],"url":"https://unicode-org.atlassian.net/jira/software/c/projects/ICU/issues/ICU-22957"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11888","reference_id":"RHSA-2025:11888","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:11888"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12083","reference_id":"RHSA-2025:12083","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12083"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12331","reference_id":"RHSA-2025:12331","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12331"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12332","reference_id":"RHSA-2025:12332","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12333","reference_id":"RHSA-2025:12333","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-28T13:49:29Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:12333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1033489?format=json","purl":"pkg:deb/debian/icu@72.1-3%2Bdeb12u1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@72.1-3%252Bdeb12u1"}],"aliases":["CVE-2025-5222"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f7v8-vz82-6ucj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72708?format=json","vulnerability_id":"VCID-fmhx-7a3k-ffdx","summary":"Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9911.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9911","reference_id":"","reference_type":"","scores":[{"value":"0.01804","scoring_system":"epss","scoring_elements":"0.83153","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01804","scoring_system":"epss","scoring_elements":"0.83178","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383569","reference_id":"1383569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383569"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2014-9911"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmhx-7a3k-ffdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4331?format=json","vulnerability_id":"VCID-hkbb-bc99-yqdd","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15422.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15422","reference_id":"","reference_type":"","scores":[{"value":"0.02598","scoring_system":"epss","scoring_elements":"0.85888","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02598","scoring_system":"epss","scoring_elements":"0.85909","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523136","reference_id":"1523136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523136"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892766","reference_id":"892766","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892766"},{"reference_url":"https://security.archlinux.org/ASA-201712-5","reference_id":"ASA-201712-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-5"},{"reference_url":"https://security.archlinux.org/AVG-544","reference_id":"AVG-544","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3401","reference_id":"RHSA-2017:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3401"},{"reference_url":"https://usn.ubuntu.com/3610-1/","reference_id":"USN-3610-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3610-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5830?format=json","purl":"pkg:deb/debian/icu@63.1-6%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-un3w-2ee4-jbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@63.1-6%252Bdeb10u3"}],"aliases":["CVE-2017-15422"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkbb-bc99-yqdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72710?format=json","vulnerability_id":"VCID-k1bn-aprc-m3ht","summary":"The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1270.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1270","reference_id":"","reference_type":"","scores":[{"value":"0.01188","scoring_system":"epss","scoring_elements":"0.79153","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01188","scoring_system":"epss","scoring_elements":"0.79179","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245574","reference_id":"1245574","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245574"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798647","reference_id":"798647","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798647"},{"reference_url":"https://security.gentoo.org/glsa/201603-09","reference_id":"GLSA-201603-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1499","reference_id":"RHSA-2015:1499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1499"},{"reference_url":"https://usn.ubuntu.com/2677-1/","reference_id":"USN-2677-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2677-1/"},{"reference_url":"https://usn.ubuntu.com/2740-1/","reference_id":"USN-2740-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2740-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2015-1270"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1bn-aprc-m3ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72706?format=json","vulnerability_id":"VCID-qwzq-dmn1-j7fy","summary":"The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8147.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8147","reference_id":"","reference_type":"","scores":[{"value":"0.41904","scoring_system":"epss","scoring_elements":"0.97501","published_at":"2026-06-04T12:55:00Z"},{"value":"0.41904","scoring_system":"epss","scoring_elements":"0.97507","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176200","reference_id":"1176200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176200"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773","reference_id":"784773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773"},{"reference_url":"https://security.gentoo.org/glsa/201507-04","reference_id":"GLSA-201507-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-04"},{"reference_url":"https://usn.ubuntu.com/2605-1/","reference_id":"USN-2605-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2605-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2014-8147"],"risk_score":0.8,"exploitability":"2.0","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwzq-dmn1-j7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72728?format=json","vulnerability_id":"VCID-un3w-2ee4-jbcy","summary":"International Components for Unicode (ICU-20850) v66.1 was discovered to contain a use after free bug in the pkg_createWithAssemblyCode function in the file tools/pkgdata/pkgdata.cpp.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-21913.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-21913.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-21913","reference_id":"","reference_type":"","scores":[{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27295","published_at":"2026-06-04T12:55:00Z"},{"value":"0.001","scoring_system":"epss","scoring_elements":"0.27363","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-21913"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21913","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-21913"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2006950","reference_id":"2006950","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2006950"},{"reference_url":"https://usn.ubuntu.com/5133-1/","reference_id":"USN-5133-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5133-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5830?format=json","purl":"pkg:deb/debian/icu@63.1-6%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-un3w-2ee4-jbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@63.1-6%252Bdeb10u3"},{"url":"http://public2.vulnerablecode.io/api/packages/518828?format=json","purl":"pkg:deb/debian/icu@67.1-7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-f7v8-vz82-6ucj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@67.1-7"}],"aliases":["CVE-2020-21913"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-un3w-2ee4-jbcy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72723?format=json","vulnerability_id":"VCID-wpkr-mbq4-ekg5","summary":"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7867.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7867","reference_id":"","reference_type":"","scores":[{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78576","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78603","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444097","reference_id":"1444097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444097"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314","reference_id":"860314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314"},{"reference_url":"https://security.gentoo.org/glsa/201710-03","reference_id":"GLSA-201710-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-03"},{"reference_url":"https://usn.ubuntu.com/3274-1/","reference_id":"USN-3274-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3274-1/"},{"reference_url":"https://usn.ubuntu.com/3274-2/","reference_id":"USN-3274-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3274-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2017-7867"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpkr-mbq4-ekg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72726?format=json","vulnerability_id":"VCID-xdhx-y4jj-xfeu","summary":"International Components for Unicode (ICU) for C/C++ 63.1 has an integer overflow in number::impl::DecimalQuantity::toScientificString() in i18n/number_decimalquantity.cpp.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18928.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18928.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18928","reference_id":"","reference_type":"","scores":[{"value":"0.00612","scoring_system":"epss","scoring_elements":"0.70205","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00612","scoring_system":"epss","scoring_elements":"0.70247","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18928"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18928","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18928"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646702","reference_id":"1646702","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1646702"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5830?format=json","purl":"pkg:deb/debian/icu@63.1-6%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-un3w-2ee4-jbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@63.1-6%252Bdeb10u3"}],"aliases":["CVE-2018-18928"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xdhx-y4jj-xfeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72721?format=json","vulnerability_id":"VCID-yzqr-kpjj-akgj","summary":"Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7415.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7415","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.7928","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79306","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377361","reference_id":"1377361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377361"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838694","reference_id":"838694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838694"},{"reference_url":"https://security.gentoo.org/glsa/201701-58","reference_id":"GLSA-201701-58","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-58"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2016-7415"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzqr-kpjj-akgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72705?format=json","vulnerability_id":"VCID-zkex-ss5h-5ke5","summary":"The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8146.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8146","reference_id":"","reference_type":"","scores":[{"value":"0.25808","scoring_system":"epss","scoring_elements":"0.96359","published_at":"2026-06-04T12:55:00Z"},{"value":"0.25808","scoring_system":"epss","scoring_elements":"0.96364","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176197","reference_id":"1176197","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176197"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773","reference_id":"784773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773"},{"reference_url":"https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/i-c-u-fail.txt","reference_id":"CVE-2014-8147;CVE-2014-8146","reference_type":"exploit","scores":[],"url":"https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/i-c-u-fail.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43887.txt","reference_id":"CVE-2014-8147;CVE-2014-8146","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43887.txt"},{"reference_url":"https://security.gentoo.org/glsa/201507-04","reference_id":"GLSA-201507-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-04"},{"reference_url":"https://usn.ubuntu.com/2605-1/","reference_id":"USN-2605-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2605-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2014-8146"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkex-ss5h-5ke5"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72717?format=json","vulnerability_id":"VCID-3hng-5n5z-7faw","summary":"Unspecified vulnerability in Oracle Java SE 6u101, 7u85, and 8u60, and Java SE Embedded 8u51, allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4844.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4844","reference_id":"","reference_type":"","scores":[{"value":"0.11054","scoring_system":"epss","scoring_elements":"0.93584","published_at":"2026-06-04T12:55:00Z"},{"value":"0.11054","scoring_system":"epss","scoring_elements":"0.93594","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1273318","reference_id":"1273318","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1273318"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1919","reference_id":"RHSA-2015:1919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1920","reference_id":"RHSA-2015:1920","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1920"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1921","reference_id":"RHSA-2015:1921","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1921"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1926","reference_id":"RHSA-2015:1926","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1926"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1927","reference_id":"RHSA-2015:1927","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1927"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1928","reference_id":"RHSA-2015:1928","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1928"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2086","reference_id":"RHSA-2015:2086","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2086"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2506","reference_id":"RHSA-2015:2506","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2506"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2507","reference_id":"RHSA-2015:2507","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2507"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2508","reference_id":"RHSA-2015:2508","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2508"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2509","reference_id":"RHSA-2015:2509","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2509"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2518","reference_id":"RHSA-2015:2518","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2518"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"reference_url":"https://usn.ubuntu.com/2784-1/","reference_id":"USN-2784-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2784-1/"},{"reference_url":"https://usn.ubuntu.com/2827-1/","reference_id":"USN-2827-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2827-1/"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2015-4844"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3hng-5n5z-7faw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72718?format=json","vulnerability_id":"VCID-6grx-g6uw-yybd","summary":"Unspecified vulnerability in the Java SE and Java SE Embedded components in Oracle Java SE 6u105, 7u91, and 8u66 and Java SE Embedded 8u65 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0494.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0494.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0494","reference_id":"","reference_type":"","scores":[{"value":"0.05634","scoring_system":"epss","scoring_elements":"0.90506","published_at":"2026-06-04T12:55:00Z"},{"value":"0.05634","scoring_system":"epss","scoring_elements":"0.90521","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"10","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:C/I:C/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298906","reference_id":"1298906","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1298906"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://security.gentoo.org/glsa/201610-08","reference_id":"GLSA-201610-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201610-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0049","reference_id":"RHSA-2016:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0050","reference_id":"RHSA-2016:0050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0053","reference_id":"RHSA-2016:0053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0054","reference_id":"RHSA-2016:0054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0055","reference_id":"RHSA-2016:0055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0056","reference_id":"RHSA-2016:0056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0057","reference_id":"RHSA-2016:0057","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0057"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0067","reference_id":"RHSA-2016:0067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0098","reference_id":"RHSA-2016:0098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0099","reference_id":"RHSA-2016:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0100","reference_id":"RHSA-2016:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0101","reference_id":"RHSA-2016:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"reference_url":"https://usn.ubuntu.com/2884-1/","reference_id":"USN-2884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2884-1/"},{"reference_url":"https://usn.ubuntu.com/2885-1/","reference_id":"USN-2885-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2885-1/"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2016-0494"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6grx-g6uw-yybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72724?format=json","vulnerability_id":"VCID-6q8q-9q3y-abhc","summary":"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_moveIndex32* function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7868.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7868.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7868","reference_id":"","reference_type":"","scores":[{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77775","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0104","scoring_system":"epss","scoring_elements":"0.77802","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444098","reference_id":"1444098","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444098"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314","reference_id":"860314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314"},{"reference_url":"https://security.gentoo.org/glsa/201710-03","reference_id":"GLSA-201710-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-03"},{"reference_url":"https://usn.ubuntu.com/3274-1/","reference_id":"USN-3274-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3274-1/"},{"reference_url":"https://usn.ubuntu.com/3274-2/","reference_id":"USN-3274-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3274-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2017-7868"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6q8q-9q3y-abhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72712?format=json","vulnerability_id":"VCID-8ucv-hrcz-uqau","summary":"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2632.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2632.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2632","reference_id":"","reference_type":"","scores":[{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.8283","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01738","scoring_system":"epss","scoring_elements":"0.82856","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242394","reference_id":"1242394","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242394"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://security.gentoo.org/glsa/201701-58","reference_id":"GLSA-201701-58","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-58"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1228","reference_id":"RHSA-2015:1228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1229","reference_id":"RHSA-2015:1229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1230","reference_id":"RHSA-2015:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1241","reference_id":"RHSA-2015:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1242","reference_id":"RHSA-2015:1242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1243","reference_id":"RHSA-2015:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1485","reference_id":"RHSA-2015:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1486","reference_id":"RHSA-2015:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1488","reference_id":"RHSA-2015:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1526","reference_id":"RHSA-2015:1526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1544","reference_id":"RHSA-2015:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1604","reference_id":"RHSA-2015:1604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1604"},{"reference_url":"https://usn.ubuntu.com/2696-1/","reference_id":"USN-2696-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2696-1/"},{"reference_url":"https://usn.ubuntu.com/2706-1/","reference_id":"USN-2706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2706-1/"},{"reference_url":"https://usn.ubuntu.com/2740-1/","reference_id":"USN-2740-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2740-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2015-2632"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8ucv-hrcz-uqau"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72719?format=json","vulnerability_id":"VCID-aykx-vyhu-7yfr","summary":"The uloc_acceptLanguageFromHTTP function in common/uloc.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ does not ensure that there is a '\\0' character at the end of a certain temporary array, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via a call with a long httpAcceptLanguage argument.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6293.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6293.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6293","reference_id":"","reference_type":"","scores":[{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.78032","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01066","scoring_system":"epss","scoring_elements":"0.7806","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1360339","reference_id":"1360339","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1360339"},{"reference_url":"https://security.gentoo.org/glsa/201701-58","reference_id":"GLSA-201701-58","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-58"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2016-6293"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aykx-vyhu-7yfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72715?format=json","vulnerability_id":"VCID-f3kd-641n-17ch","summary":"Unspecified vulnerability in Oracle Java SE 6u95, 7u80, and 8u45 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to 2D.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4760.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4760.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4760","reference_id":"","reference_type":"","scores":[{"value":"0.09686","scoring_system":"epss","scoring_elements":"0.93063","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09686","scoring_system":"epss","scoring_elements":"0.93074","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242447","reference_id":"1242447","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1242447"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201603-14","reference_id":"GLSA-201603-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-14"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1228","reference_id":"RHSA-2015:1228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1229","reference_id":"RHSA-2015:1229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1230","reference_id":"RHSA-2015:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1241","reference_id":"RHSA-2015:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1242","reference_id":"RHSA-2015:1242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1243","reference_id":"RHSA-2015:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1485","reference_id":"RHSA-2015:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1486","reference_id":"RHSA-2015:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1488","reference_id":"RHSA-2015:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1526","reference_id":"RHSA-2015:1526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1544","reference_id":"RHSA-2015:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1604","reference_id":"RHSA-2015:1604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1604"},{"reference_url":"https://usn.ubuntu.com/2696-1/","reference_id":"USN-2696-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2696-1/"},{"reference_url":"https://usn.ubuntu.com/2706-1/","reference_id":"USN-2706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2706-1/"},{"reference_url":"https://usn.ubuntu.com/2740-1/","reference_id":"USN-2740-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2740-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1937-rk84-qydq"},{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-3yjj-bp6d-tkab"},{"vulnerability":"VCID-562t-my7q-fkhk"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-bkbn-dxg2-dqfk"},{"vulnerability":"VCID-excs-dj44-yfby"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fbng-2ww3-6bdu"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-kauc-686u-jqeh"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-rz8q-v7bh-9fe1"},{"vulnerability":"VCID-scv7-4fwv-vyek"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-wsen-t4x7-wuhc"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yhgb-pmpp-9uc2"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2015-4760"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f3kd-641n-17ch"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72708?format=json","vulnerability_id":"VCID-fmhx-7a3k-ffdx","summary":"Stack-based buffer overflow in the ures_getByKeyWithFallback function in common/uresbund.cpp in International Components for Unicode (ICU) before 54.1 for C/C++ allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted uloc_getDisplayName call.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9911.json","reference_id":"","reference_type":"","scores":[{"value":"8.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9911.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9911","reference_id":"","reference_type":"","scores":[{"value":"0.01804","scoring_system":"epss","scoring_elements":"0.83153","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01804","scoring_system":"epss","scoring_elements":"0.83178","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383569","reference_id":"1383569","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383569"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2014-9911"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fmhx-7a3k-ffdx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4331?format=json","vulnerability_id":"VCID-hkbb-bc99-yqdd","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15422.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15422.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15422","reference_id":"","reference_type":"","scores":[{"value":"0.02598","scoring_system":"epss","scoring_elements":"0.85888","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02598","scoring_system":"epss","scoring_elements":"0.85909","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15422"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15422"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523136","reference_id":"1523136","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1523136"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892766","reference_id":"892766","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892766"},{"reference_url":"https://security.archlinux.org/ASA-201712-5","reference_id":"ASA-201712-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-5"},{"reference_url":"https://security.archlinux.org/AVG-544","reference_id":"AVG-544","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3401","reference_id":"RHSA-2017:3401","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3401"},{"reference_url":"https://usn.ubuntu.com/3610-1/","reference_id":"USN-3610-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3610-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/5830?format=json","purl":"pkg:deb/debian/icu@63.1-6%2Bdeb10u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-un3w-2ee4-jbcy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@63.1-6%252Bdeb10u3"}],"aliases":["CVE-2017-15422"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hkbb-bc99-yqdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72710?format=json","vulnerability_id":"VCID-k1bn-aprc-m3ht","summary":"The ucnv_io_getConverterName function in common/ucnv_io.cpp in International Components for Unicode (ICU), as used in Google Chrome before 44.0.2403.89, mishandles converter names with initial x- substrings, which allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1270.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1270.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1270","reference_id":"","reference_type":"","scores":[{"value":"0.01188","scoring_system":"epss","scoring_elements":"0.79153","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01188","scoring_system":"epss","scoring_elements":"0.79179","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1266"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1268"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1269"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1270"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1271"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1272"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1273"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1274"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1276"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1278"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1279"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1280"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1281"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1282"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1283"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1284"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1286"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1287"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1288"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1289"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245574","reference_id":"1245574","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1245574"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798647","reference_id":"798647","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=798647"},{"reference_url":"https://security.gentoo.org/glsa/201603-09","reference_id":"GLSA-201603-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1499","reference_id":"RHSA-2015:1499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1499"},{"reference_url":"https://usn.ubuntu.com/2677-1/","reference_id":"USN-2677-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2677-1/"},{"reference_url":"https://usn.ubuntu.com/2740-1/","reference_id":"USN-2740-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2740-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2015-1270"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k1bn-aprc-m3ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72706?format=json","vulnerability_id":"VCID-qwzq-dmn1-j7fy","summary":"The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 uses an integer data type that is inconsistent with a header file, which allows remote attackers to cause a denial of service (incorrect malloc followed by invalid free) or possibly execute arbitrary code via crafted text.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8147.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8147.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8147","reference_id":"","reference_type":"","scores":[{"value":"0.41904","scoring_system":"epss","scoring_elements":"0.97501","published_at":"2026-06-04T12:55:00Z"},{"value":"0.41904","scoring_system":"epss","scoring_elements":"0.97507","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176200","reference_id":"1176200","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176200"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773","reference_id":"784773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773"},{"reference_url":"https://security.gentoo.org/glsa/201507-04","reference_id":"GLSA-201507-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-04"},{"reference_url":"https://usn.ubuntu.com/2605-1/","reference_id":"USN-2605-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2605-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1937-rk84-qydq"},{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-3yjj-bp6d-tkab"},{"vulnerability":"VCID-562t-my7q-fkhk"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-bkbn-dxg2-dqfk"},{"vulnerability":"VCID-excs-dj44-yfby"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fbng-2ww3-6bdu"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-kauc-686u-jqeh"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-rz8q-v7bh-9fe1"},{"vulnerability":"VCID-scv7-4fwv-vyek"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-wsen-t4x7-wuhc"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yhgb-pmpp-9uc2"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2014-8147"],"risk_score":0.8,"exploitability":"2.0","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qwzq-dmn1-j7fy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72723?format=json","vulnerability_id":"VCID-wpkr-mbq4-ekg5","summary":"International Components for Unicode (ICU) for C/C++ before 2017-02-13 has an out-of-bounds write caused by a heap-based buffer overflow related to the utf8TextAccess function in common/utext.cpp and the utext_setNativeIndex* function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7867.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7867.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7867","reference_id":"","reference_type":"","scores":[{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78576","published_at":"2026-06-04T12:55:00Z"},{"value":"0.0112","scoring_system":"epss","scoring_elements":"0.78603","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7867"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7868"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444097","reference_id":"1444097","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1444097"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314","reference_id":"860314","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860314"},{"reference_url":"https://security.gentoo.org/glsa/201710-03","reference_id":"GLSA-201710-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201710-03"},{"reference_url":"https://usn.ubuntu.com/3274-1/","reference_id":"USN-3274-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3274-1/"},{"reference_url":"https://usn.ubuntu.com/3274-2/","reference_id":"USN-3274-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3274-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2017-7867"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wpkr-mbq4-ekg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72721?format=json","vulnerability_id":"VCID-yzqr-kpjj-akgj","summary":"Stack-based buffer overflow in the Locale class in common/locid.cpp in International Components for Unicode (ICU) through 57.1 for C/C++ allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long locale string.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7415.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7415.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7415","reference_id":"","reference_type":"","scores":[{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.7928","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01205","scoring_system":"epss","scoring_elements":"0.79306","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-7415"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6293"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7415"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377361","reference_id":"1377361","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1377361"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838694","reference_id":"838694","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=838694"},{"reference_url":"https://security.gentoo.org/glsa/201701-58","reference_id":"GLSA-201701-58","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-58"},{"reference_url":"https://usn.ubuntu.com/3227-1/","reference_id":"USN-3227-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3227-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2016-7415"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yzqr-kpjj-akgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/72705?format=json","vulnerability_id":"VCID-zkex-ss5h-5ke5","summary":"The resolveImplicitLevels function in common/ubidi.c in the Unicode Bidirectional Algorithm implementation in ICU4C in International Components for Unicode (ICU) before 55.1 does not properly track directionally isolated pieces of text, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly execute arbitrary code via crafted text.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8146.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8146.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8146","reference_id":"","reference_type":"","scores":[{"value":"0.25808","scoring_system":"epss","scoring_elements":"0.96359","published_at":"2026-06-04T12:55:00Z"},{"value":"0.25808","scoring_system":"epss","scoring_elements":"0.96364","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8146"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8147"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176197","reference_id":"1176197","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1176197"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773","reference_id":"784773","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784773"},{"reference_url":"https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/i-c-u-fail.txt","reference_id":"CVE-2014-8147;CVE-2014-8146","reference_type":"exploit","scores":[],"url":"https://github.com/pedrib/PoC/blob/a2842a650de88c582e963493d5e2711aa4a1b747/advisories/i-c-u-fail.txt"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43887.txt","reference_id":"CVE-2014-8147;CVE-2014-8146","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/local/43887.txt"},{"reference_url":"https://security.gentoo.org/glsa/201507-04","reference_id":"GLSA-201507-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201507-04"},{"reference_url":"https://usn.ubuntu.com/2605-1/","reference_id":"USN-2605-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2605-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4544?format=json","purl":"pkg:deb/debian/icu@4.8.1.1-12%2Bdeb7u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1937-rk84-qydq"},{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-3yjj-bp6d-tkab"},{"vulnerability":"VCID-562t-my7q-fkhk"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-bkbn-dxg2-dqfk"},{"vulnerability":"VCID-excs-dj44-yfby"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fbng-2ww3-6bdu"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-kauc-686u-jqeh"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-rz8q-v7bh-9fe1"},{"vulnerability":"VCID-scv7-4fwv-vyek"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-wsen-t4x7-wuhc"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yhgb-pmpp-9uc2"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@4.8.1.1-12%252Bdeb7u3"},{"url":"http://public2.vulnerablecode.io/api/packages/4546?format=json","purl":"pkg:deb/debian/icu@52.1-8%2Bdeb8u7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-3hng-5n5z-7faw"},{"vulnerability":"VCID-6grx-g6uw-yybd"},{"vulnerability":"VCID-6q8q-9q3y-abhc"},{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-8ucv-hrcz-uqau"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-aykx-vyhu-7yfr"},{"vulnerability":"VCID-f3kd-641n-17ch"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-fmhx-7a3k-ffdx"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-k1bn-aprc-m3ht"},{"vulnerability":"VCID-qwzq-dmn1-j7fy"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-wpkr-mbq4-ekg5"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"},{"vulnerability":"VCID-yzqr-kpjj-akgj"},{"vulnerability":"VCID-zkex-ss5h-5ke5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"},{"url":"http://public2.vulnerablecode.io/api/packages/5083?format=json","purl":"pkg:deb/debian/icu@57.1-6%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7fz2-29gm-eufm"},{"vulnerability":"VCID-9ubw-4yby-v3bp"},{"vulnerability":"VCID-f7v8-vz82-6ucj"},{"vulnerability":"VCID-hkbb-bc99-yqdd"},{"vulnerability":"VCID-un3w-2ee4-jbcy"},{"vulnerability":"VCID-xdhx-y4jj-xfeu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@57.1-6%252Bdeb9u4"}],"aliases":["CVE-2014-8146"],"risk_score":0.4,"exploitability":"2.0","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zkex-ss5h-5ke5"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/icu@52.1-8%252Bdeb8u7"}