{"url":"http://public2.vulnerablecode.io/api/packages/4566?format=json","purl":"pkg:deb/debian/rsync@2.3.2-1.2","type":"deb","namespace":"debian","name":"rsync","version":"2.3.2-1.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4347?format=json","vulnerability_id":"VCID-29gg-j4vp-7bef","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17433.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17433.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17433","reference_id":"","reference_type":"","scores":[{"value":"0.01555","scoring_system":"epss","scoring_elements":"0.81796","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01555","scoring_system":"epss","scoring_elements":"0.81767","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01555","scoring_system":"epss","scoring_elements":"0.81811","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01555","scoring_system":"epss","scoring_elements":"0.81802","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1522874","reference_id":"1522874","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1522874"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883667","reference_id":"883667","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883667"},{"reference_url":"https://security.archlinux.org/ASA-201801-21","reference_id":"ASA-201801-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-21"},{"reference_url":"https://security.archlinux.org/AVG-542","reference_id":"AVG-542","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-542"},{"reference_url":"https://security.gentoo.org/glsa/201801-16","reference_id":"GLSA-201801-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-16"},{"reference_url":"https://usn.ubuntu.com/3506-1/","reference_id":"USN-3506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3506-1/"},{"reference_url":"https://usn.ubuntu.com/3506-2/","reference_id":"USN-3506-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3506-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4575?format=json","purl":"pkg:deb/debian/rsync@3.1.1-3%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4855?format=json","purl":"pkg:deb/debian/rsync@3.1.2-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.2-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5941?format=json","purl":"pkg:deb/debian/rsync@3.1.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6"}],"aliases":["CVE-2017-17433"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29gg-j4vp-7bef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59966?format=json","vulnerability_id":"VCID-2c6b-ufgq-fbcw","summary":"rsync: rsync: Hostname-based ACL bypass in daemon chroot configuration","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43617.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43617.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43617","reference_id":"","reference_type":"","scores":[{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02401","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02512","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02514","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02456","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00014","scoring_system":"epss","scoring_elements":"0.02441","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43617"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469060","reference_id":"2469060","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469060"},{"reference_url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f","reference_id":"GHSA-rjfm-3w2m-jf4f","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/"}],"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-rjfm-3w2m-jf4f"},{"reference_url":"https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution","reference_id":"rsync-authorization-bypass-via-hostname-resolution","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/"}],"url":"https://www.vulncheck.com/advisories/rsync-authorization-bypass-via-hostname-resolution"},{"reference_url":"https://usn.ubuntu.com/8283-1/","reference_id":"USN-8283-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8283-1/"},{"reference_url":"https://usn.ubuntu.com/8349-1/","reference_id":"USN-8349-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8349-1/"},{"reference_url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","reference_id":"v3.4.3","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"},{"value":"6.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T13:24:57Z/"}],"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2026-43617"],"risk_score":2.9,"exploitability":"0.5","weighted_severity":"5.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2c6b-ufgq-fbcw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100295?format=json","vulnerability_id":"VCID-3nrj-48zt-8yf7","summary":"rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9512.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9512.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9512","reference_id":"","reference_type":"","scores":[{"value":"0.08882","scoring_system":"epss","scoring_elements":"0.92706","published_at":"2026-06-08T12:55:00Z"},{"value":"0.08882","scoring_system":"epss","scoring_elements":"0.92718","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08882","scoring_system":"epss","scoring_elements":"0.92713","published_at":"2026-06-06T12:55:00Z"},{"value":"0.08882","scoring_system":"epss","scoring_elements":"0.92709","published_at":"2026-06-07T12:55:00Z"},{"value":"0.08882","scoring_system":"epss","scoring_elements":"0.92724","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-9512"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9512","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9512"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:C/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1293854","reference_id":"1293854","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1293854"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778333","reference_id":"778333","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=778333"},{"reference_url":"https://security.gentoo.org/glsa/201605-04","reference_id":"GLSA-201605-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-04"},{"reference_url":"https://usn.ubuntu.com/2879-1/","reference_id":"USN-2879-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2879-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4574?format=json","purl":"pkg:deb/debian/rsync@3.1.1-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3"}],"aliases":["CVE-2014-9512"],"risk_score":1.5,"exploitability":"0.5","weighted_severity":"3.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3nrj-48zt-8yf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100285?format=json","vulnerability_id":"VCID-3tny-puu3-7fgp","summary":"rsync before 2.6.1 does not properly sanitize paths when running a read/write daemon without using chroot, which allows remote attackers to write files outside of the module's path.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0426.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0426.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0426","reference_id":"","reference_type":"","scores":[{"value":"0.03446","scoring_system":"epss","scoring_elements":"0.87713","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03446","scoring_system":"epss","scoring_elements":"0.87734","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03446","scoring_system":"epss","scoring_elements":"0.87735","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03446","scoring_system":"epss","scoring_elements":"0.87736","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03446","scoring_system":"epss","scoring_elements":"0.87748","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0426"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0426"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617206","reference_id":"1617206","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617206"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:192","reference_id":"RHSA-2004:192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:192"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4568?format=json","purl":"pkg:deb/debian/rsync@2.6.4-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-556m-a6vw-3bfj"},{"vulnerability":"VCID-56vk-3vsy-nkef"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6neq-h9yq-8fep"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-twpz-szrq-4ug3"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-w5qp-r7dz-h7fk"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.4-6"}],"aliases":["CVE-2004-0426"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3tny-puu3-7fgp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100289?format=json","vulnerability_id":"VCID-556m-a6vw-3bfj","summary":"Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4091.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4091.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4091","reference_id":"","reference_type":"","scores":[{"value":"0.10363","scoring_system":"epss","scoring_elements":"0.93335","published_at":"2026-06-04T12:55:00Z"},{"value":"0.10363","scoring_system":"epss","scoring_elements":"0.93346","published_at":"2026-06-05T12:55:00Z"},{"value":"0.10363","scoring_system":"epss","scoring_elements":"0.93347","published_at":"2026-06-06T12:55:00Z"},{"value":"0.10363","scoring_system":"epss","scoring_elements":"0.93344","published_at":"2026-06-07T12:55:00Z"},{"value":"0.10363","scoring_system":"epss","scoring_elements":"0.93343","published_at":"2026-06-08T12:55:00Z"},{"value":"0.10363","scoring_system":"epss","scoring_elements":"0.93351","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-4091"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4091"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=252394","reference_id":"252394","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=252394"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438125","reference_id":"438125","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=438125"},{"reference_url":"https://security.gentoo.org/glsa/200709-13","reference_id":"GLSA-200709-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200709-13"},{"reference_url":"https://usn.ubuntu.com/500-1/","reference_id":"USN-500-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/500-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4571?format=json","purl":"pkg:deb/debian/rsync@3.0.3-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.3-2"}],"aliases":["CVE-2007-4091"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-556m-a6vw-3bfj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100290?format=json","vulnerability_id":"VCID-56vk-3vsy-nkef","summary":"rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6199.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6199.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6199","reference_id":"","reference_type":"","scores":[{"value":"0.06572","scoring_system":"epss","scoring_elements":"0.91315","published_at":"2026-06-04T12:55:00Z"},{"value":"0.06572","scoring_system":"epss","scoring_elements":"0.91329","published_at":"2026-06-05T12:55:00Z"},{"value":"0.06572","scoring_system":"epss","scoring_elements":"0.9133","published_at":"2026-06-06T12:55:00Z"},{"value":"0.06572","scoring_system":"epss","scoring_elements":"0.91326","published_at":"2026-06-07T12:55:00Z"},{"value":"0.06572","scoring_system":"epss","scoring_elements":"0.91321","published_at":"2026-06-08T12:55:00Z"},{"value":"0.06572","scoring_system":"epss","scoring_elements":"0.91336","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6199"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=407161","reference_id":"407161","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=407161"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652","reference_id":"453652","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4571?format=json","purl":"pkg:deb/debian/rsync@3.0.3-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.3-2"}],"aliases":["CVE-2007-6199"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-56vk-3vsy-nkef"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4346?format=json","vulnerability_id":"VCID-6j5d-25zc-r7es","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17434.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17434.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17434","reference_id":"","reference_type":"","scores":[{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78885","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78917","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78919","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.7891","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78899","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01156","scoring_system":"epss","scoring_elements":"0.78912","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:P/I:P/A:N"},{"value":"5.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1522875","reference_id":"1522875","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1522875"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883665","reference_id":"883665","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=883665"},{"reference_url":"https://security.archlinux.org/ASA-201801-21","reference_id":"ASA-201801-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-21"},{"reference_url":"https://security.archlinux.org/AVG-542","reference_id":"AVG-542","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-542"},{"reference_url":"https://security.gentoo.org/glsa/201801-16","reference_id":"GLSA-201801-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-16"},{"reference_url":"https://usn.ubuntu.com/3506-1/","reference_id":"USN-3506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3506-1/"},{"reference_url":"https://usn.ubuntu.com/3506-2/","reference_id":"USN-3506-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3506-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4575?format=json","purl":"pkg:deb/debian/rsync@3.1.1-3%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4855?format=json","purl":"pkg:deb/debian/rsync@3.1.2-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.2-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5941?format=json","purl":"pkg:deb/debian/rsync@3.1.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6"}],"aliases":["CVE-2017-17434"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6j5d-25zc-r7es"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100288?format=json","vulnerability_id":"VCID-6neq-h9yq-8fep","summary":"Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2083.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-2083.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2083","reference_id":"","reference_type":"","scores":[{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81497","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81525","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81527","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.8152","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01506","scoring_system":"epss","scoring_elements":"0.81535","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2006-2083"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2083"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=190207","reference_id":"190207","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=190207"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365614","reference_id":"365614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=365614"},{"reference_url":"https://security.gentoo.org/glsa/200605-05","reference_id":"GLSA-200605-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200605-05"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4569?format=json","purl":"pkg:deb/debian/rsync@2.6.9-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-556m-a6vw-3bfj"},{"vulnerability":"VCID-56vk-3vsy-nkef"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-twpz-szrq-4ug3"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-w5qp-r7dz-h7fk"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.9-2"}],"aliases":["CVE-2006-2083"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6neq-h9yq-8fep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5774?format=json","vulnerability_id":"VCID-6zwq-zvsq-rfda","summary":"man-in-the-middle","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14387.json","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14387.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14387","reference_id":"","reference_type":"","scores":[{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34016","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34117","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34132","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34099","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34065","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00142","scoring_system":"epss","scoring_elements":"0.34085","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14387"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14387","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14387"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875549","reference_id":"1875549","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1875549"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969530","reference_id":"969530","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969530"},{"reference_url":"https://security.archlinux.org/ASA-202101-1","reference_id":"ASA-202101-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202101-1"},{"reference_url":"https://security.archlinux.org/AVG-1374","reference_id":"AVG-1374","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1374"},{"reference_url":"https://security.gentoo.org/glsa/202405-22","reference_id":"GLSA-202405-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6313?format=json","purl":"pkg:deb/debian/rsync@3.2.3-4%2Bdeb11u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-87kn-sjx9-z3ea"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-y59h-bzyk-dbhf"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.3-4%252Bdeb11u1"}],"aliases":["CVE-2020-14387"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6zwq-zvsq-rfda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4345?format=json","vulnerability_id":"VCID-ay5s-4hr1-8qe5","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5764.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5764.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5764","reference_id":"","reference_type":"","scores":[{"value":"0.13133","scoring_system":"epss","scoring_elements":"0.9425","published_at":"2026-06-04T12:55:00Z"},{"value":"0.13133","scoring_system":"epss","scoring_elements":"0.94267","published_at":"2026-06-09T12:55:00Z"},{"value":"0.13133","scoring_system":"epss","scoring_elements":"0.94261","published_at":"2026-06-08T12:55:00Z"},{"value":"0.13133","scoring_system":"epss","scoring_elements":"0.94262","published_at":"2026-06-07T12:55:00Z"},{"value":"0.13133","scoring_system":"epss","scoring_elements":"0.94259","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5764"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5764"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536661","reference_id":"1536661","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1536661"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887588","reference_id":"887588","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=887588"},{"reference_url":"https://security.archlinux.org/ASA-201801-21","reference_id":"ASA-201801-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-21"},{"reference_url":"https://security.archlinux.org/AVG-542","reference_id":"AVG-542","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-542"},{"reference_url":"https://security.gentoo.org/glsa/201805-04","reference_id":"GLSA-201805-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201805-04"},{"reference_url":"https://usn.ubuntu.com/3543-1/","reference_id":"USN-3543-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3543-1/"},{"reference_url":"https://usn.ubuntu.com/3543-2/","reference_id":"USN-3543-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3543-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5941?format=json","purl":"pkg:deb/debian/rsync@3.1.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6"}],"aliases":["CVE-2018-5764"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ay5s-4hr1-8qe5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59963?format=json","vulnerability_id":"VCID-be1r-cmk6-dyb9","summary":"rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29518.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-29518.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29518","reference_id":"","reference_type":"","scores":[{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.0091","published_at":"2026-06-09T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00912","published_at":"2026-06-07T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00911","published_at":"2026-06-06T12:55:00Z"},{"value":"9e-05","scoring_system":"epss","scoring_elements":"0.00908","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-29518"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-29518"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://michael.stapelberg.ch/posts/2026-05-24-minimal-memory-safe-go-rsync-vulns/","reference_id":"2026-05-24-minimal-memory-safe-go-rsync-vulns","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/"}],"url":"https://michael.stapelberg.ch/posts/2026-05-24-minimal-memory-safe-go-rsync-vulns/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469055","reference_id":"2469055","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469055"},{"reference_url":"https://github.com/RsyncProject/rsync/pull/895/changes/8471fdd1561049ef5f58df44a1811a50bd9a531d","reference_id":"8471fdd1561049ef5f58df44a1811a50bd9a531d","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/"}],"url":"https://github.com/RsyncProject/rsync/pull/895/changes/8471fdd1561049ef5f58df44a1811a50bd9a531d"},{"reference_url":"https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write","reference_id":"rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/"}],"url":"https://www.vulncheck.com/advisories/rsync-toctou-race-condition-allows-symlink-based-arbitrary-file-write"},{"reference_url":"https://usn.ubuntu.com/8283-1/","reference_id":"USN-8283-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8283-1/"},{"reference_url":"https://usn.ubuntu.com/8349-1/","reference_id":"USN-8349-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8349-1/"},{"reference_url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","reference_id":"v3.4.3","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"7.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T14:50:13Z/"}],"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2026-29518"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-be1r-cmk6-dyb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100298?format=json","vulnerability_id":"VCID-bvzk-j9h5-zkem","summary":"The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9842.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9842.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9842","reference_id":"","reference_type":"","scores":[{"value":"0.12602","scoring_system":"epss","scoring_elements":"0.94095","published_at":"2026-06-07T12:55:00Z"},{"value":"0.12602","scoring_system":"epss","scoring_elements":"0.94099","published_at":"2026-06-09T12:55:00Z"},{"value":"0.12602","scoring_system":"epss","scoring_elements":"0.94092","published_at":"2026-06-06T12:55:00Z"},{"value":"0.12602","scoring_system":"epss","scoring_elements":"0.94094","published_at":"2026-06-08T12:55:00Z"},{"value":"0.13024","scoring_system":"epss","scoring_elements":"0.94218","published_at":"2026-06-04T12:55:00Z"},{"value":"0.14635","scoring_system":"epss","scoring_elements":"0.94609","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9842"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.securitytracker.com/id/1039427","reference_id":"1039427","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"http://www.securitytracker.com/id/1039427"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402348","reference_id":"1402348","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402348"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/12/05/21","reference_id":"21","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/12/05/21"},{"reference_url":"https://usn.ubuntu.com/4246-1/","reference_id":"4246-1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://usn.ubuntu.com/4246-1/"},{"reference_url":"https://usn.ubuntu.com/4292-1/","reference_id":"4292-1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://usn.ubuntu.com/4292-1/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847274","reference_id":"847274","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847274"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509","reference_id":"924509","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509"},{"reference_url":"http://www.securityfocus.com/bid/95131","reference_id":"95131","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"http://www.securityfocus.com/bid/95131"},{"reference_url":"https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib","reference_id":"Completed#zlib","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://wiki.mozilla.org/MOSS/Secure_Open_Source/Completed#zlib"},{"reference_url":"https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958","reference_id":"e54e1299404101a5a9d0cf5e45512b543967f958","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://github.com/madler/zlib/commit/e54e1299404101a5a9d0cf5e45512b543967f958"},{"reference_url":"https://security.gentoo.org/glsa/201701-56","reference_id":"GLSA-201701-56","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://security.gentoo.org/glsa/201701-56"},{"reference_url":"https://security.gentoo.org/glsa/202007-54","reference_id":"GLSA-202007-54","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://security.gentoo.org/glsa/202007-54"},{"reference_url":"https://support.apple.com/HT208112","reference_id":"HT208112","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://support.apple.com/HT208112"},{"reference_url":"https://support.apple.com/HT208113","reference_id":"HT208113","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://support.apple.com/HT208113"},{"reference_url":"https://support.apple.com/HT208115","reference_id":"HT208115","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://support.apple.com/HT208115"},{"reference_url":"https://support.apple.com/HT208144","reference_id":"HT208144","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://support.apple.com/HT208144"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html","reference_id":"msg00027.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/03/msg00027.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html","reference_id":"msg00030.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/01/msg00030.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html","reference_id":"msg00050.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html","reference_id":"msg00053.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2017-01/msg00053.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html","reference_id":"msg00127.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"http://lists.opensuse.org/opensuse-updates/2016-12/msg00127.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1220","reference_id":"RHSA-2017:1220","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:1220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1221","reference_id":"RHSA-2017:1221","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:1221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1222","reference_id":"RHSA-2017:1222","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:1222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2999","reference_id":"RHSA-2017:2999","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:2999"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3046","reference_id":"RHSA-2017:3046","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:3046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3047","reference_id":"RHSA-2017:3047","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:3047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3453","reference_id":"RHSA-2017:3453","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://access.redhat.com/errata/RHSA-2017:3453"},{"reference_url":"https://wiki.mozilla.org/images/0/09/Zlib-report.pdf","reference_id":"Zlib-report.pdf","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-04T16:34:37Z/"}],"url":"https://wiki.mozilla.org/images/0/09/Zlib-report.pdf"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5941?format=json","purl":"pkg:deb/debian/rsync@3.1.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6"}],"aliases":["CVE-2016-9842"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvzk-j9h5-zkem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3590?format=json","vulnerability_id":"VCID-c97r-cqv2-r3h4","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12085.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12085.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12085","reference_id":"","reference_type":"","scores":[{"value":"0.1902","scoring_system":"epss","scoring_elements":"0.95459","published_at":"2026-06-08T12:55:00Z"},{"value":"0.1902","scoring_system":"epss","scoring_elements":"0.95462","published_at":"2026-06-09T12:55:00Z"},{"value":"0.1902","scoring_system":"epss","scoring_elements":"0.95453","published_at":"2026-06-05T12:55:00Z"},{"value":"0.1902","scoring_system":"epss","scoring_elements":"0.95456","published_at":"2026-06-06T12:55:00Z"},{"value":"0.1902","scoring_system":"epss","scoring_elements":"0.95458","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12085"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12085"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330539","reference_id":"2330539","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330539"},{"reference_url":"https://kb.cert.org/vuls/id/952657","reference_id":"952657","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://kb.cert.org/vuls/id/952657"},{"reference_url":"https://security.archlinux.org/ASA-202501-1","reference_id":"ASA-202501-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202501-1"},{"reference_url":"https://security.archlinux.org/AVG-2858","reference_id":"AVG-2858","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2858"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.8::el9","reference_id":"cpe:/a:redhat:logging:5.8::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.8::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.9::el9","reference_id":"cpe:/a:redhat:logging:5.9::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:logging:5.9::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8","reference_id":"cpe:/a:redhat:openshift:4.12::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8","reference_id":"cpe:/a:redhat:openshift:4.13::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9","reference_id":"cpe:/a:redhat:openshift:4.13::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8","reference_id":"cpe:/a:redhat:openshift:4.14::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9","reference_id":"cpe:/a:redhat:openshift:4.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8","reference_id":"cpe:/a:redhat:openshift:4.15::el8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9","reference_id":"cpe:/a:redhat:openshift:4.15::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9","reference_id":"cpe:/a:redhat:openshift:4.16::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9","reference_id":"cpe:/a:redhat:openshift:4.17::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9","reference_id":"cpe:/a:redhat:openshift_compliance_operator:1::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:6","reference_id":"cpe:/o:redhat:rhel_els:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_eus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-12085","reference_id":"CVE-2024-12085","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-12085"},{"reference_url":"https://security.gentoo.org/glsa/202501-01","reference_id":"GLSA-202501-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-01"},{"reference_url":"https://access.redhat.com/errata/RHBA-2025:6470","reference_id":"RHBA-2025:6470","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHBA-2025:6470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0324","reference_id":"RHSA-2025:0324","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0324"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0325","reference_id":"RHSA-2025:0325","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0637","reference_id":"RHSA-2025:0637","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0637"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0688","reference_id":"RHSA-2025:0688","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0688"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0714","reference_id":"RHSA-2025:0714","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0714"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0774","reference_id":"RHSA-2025:0774","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0774"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0787","reference_id":"RHSA-2025:0787","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0787"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0790","reference_id":"RHSA-2025:0790","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0849","reference_id":"RHSA-2025:0849","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0849"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0884","reference_id":"RHSA-2025:0884","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0884"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0885","reference_id":"RHSA-2025:0885","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:0885"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1120","reference_id":"RHSA-2025:1120","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:1120"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1123","reference_id":"RHSA-2025:1123","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:1123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1128","reference_id":"RHSA-2025:1128","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:1128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1225","reference_id":"RHSA-2025:1225","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:1225"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1227","reference_id":"RHSA-2025:1227","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:1227"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1242","reference_id":"RHSA-2025:1242","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:1451","reference_id":"RHSA-2025:1451","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:1451"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21885","reference_id":"RHSA-2025:21885","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-27T04:55:14Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:21885"},{"reference_url":"https://usn.ubuntu.com/7206-1/","reference_id":"USN-7206-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-1/"},{"reference_url":"https://usn.ubuntu.com/7206-3/","reference_id":"USN-7206-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2024-12085"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c97r-cqv2-r3h4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100286?format=json","vulnerability_id":"VCID-e8g3-c9dj-a3am","summary":"Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0792.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0792.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0792","reference_id":"","reference_type":"","scores":[{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74001","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74034","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74038","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74024","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00777","scoring_system":"epss","scoring_elements":"0.74007","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-0792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0792"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617292","reference_id":"1617292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617292"},{"reference_url":"https://security.gentoo.org/glsa/200408-17","reference_id":"GLSA-200408-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200408-17"},{"reference_url":"https://access.redhat.com/errata/RHSA-2004:436","reference_id":"RHSA-2004:436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2004:436"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4568?format=json","purl":"pkg:deb/debian/rsync@2.6.4-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-556m-a6vw-3bfj"},{"vulnerability":"VCID-56vk-3vsy-nkef"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6neq-h9yq-8fep"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-twpz-szrq-4ug3"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-w5qp-r7dz-h7fk"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.4-6"}],"aliases":["CVE-2004-0792"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8g3-c9dj-a3am"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59965?format=json","vulnerability_id":"VCID-f9zn-2jhn-jqg4","summary":"rsync: rsync: Symlink race vulnerability allows unauthorized file operations","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43619.json","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43619.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43619","reference_id":"","reference_type":"","scores":[{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00531","published_at":"2026-06-09T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00534","published_at":"2026-06-06T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00532","published_at":"2026-06-07T12:55:00Z"},{"value":"7e-05","scoring_system":"epss","scoring_elements":"0.00528","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43619"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469058","reference_id":"2469058","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469058"},{"reference_url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735","reference_id":"GHSA-4h9m-w5ff-j735","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/"}],"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-4h9m-w5ff-j735"},{"reference_url":"https://www.vulncheck.com/advisories/rsync-symlink-race-condition-via-path-based-syscalls","reference_id":"rsync-symlink-race-condition-via-path-based-syscalls","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/"}],"url":"https://www.vulncheck.com/advisories/rsync-symlink-race-condition-via-path-based-syscalls"},{"reference_url":"https://usn.ubuntu.com/8283-1/","reference_id":"USN-8283-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8283-1/"},{"reference_url":"https://usn.ubuntu.com/8349-1/","reference_id":"USN-8349-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8349-1/"},{"reference_url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","reference_id":"v3.4.3","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"7.2","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:09:05Z/"}],"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2026-43619"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-f9zn-2jhn-jqg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100297?format=json","vulnerability_id":"VCID-jrfy-z2we-n7cz","summary":"inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9841.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9841.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9841","reference_id":"","reference_type":"","scores":[{"value":"0.13495","scoring_system":"epss","scoring_elements":"0.94345","published_at":"2026-06-04T12:55:00Z"},{"value":"0.19177","scoring_system":"epss","scoring_elements":"0.95492","published_at":"2026-06-09T12:55:00Z"},{"value":"0.19177","scoring_system":"epss","scoring_elements":"0.95485","published_at":"2026-06-06T12:55:00Z"},{"value":"0.19177","scoring_system":"epss","scoring_elements":"0.95487","published_at":"2026-06-07T12:55:00Z"},{"value":"0.19177","scoring_system":"epss","scoring_elements":"0.95488","published_at":"2026-06-08T12:55:00Z"},{"value":"0.23605","scoring_system":"epss","scoring_elements":"0.96092","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9841"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9841"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402346","reference_id":"1402346","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402346"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270","reference_id":"847270","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509","reference_id":"924509","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509"},{"reference_url":"https://security.gentoo.org/glsa/201701-56","reference_id":"GLSA-201701-56","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-56"},{"reference_url":"https://security.gentoo.org/glsa/202007-54","reference_id":"GLSA-202007-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1220","reference_id":"RHSA-2017:1220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1221","reference_id":"RHSA-2017:1221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1222","reference_id":"RHSA-2017:1222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2999","reference_id":"RHSA-2017:2999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2999"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3046","reference_id":"RHSA-2017:3046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3047","reference_id":"RHSA-2017:3047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3453","reference_id":"RHSA-2017:3453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3453"},{"reference_url":"https://usn.ubuntu.com/6736-1/","reference_id":"USN-6736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6736-1/"},{"reference_url":"https://usn.ubuntu.com/6736-2/","reference_id":"USN-6736-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6736-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5941?format=json","purl":"pkg:deb/debian/rsync@3.1.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6"}],"aliases":["CVE-2016-9841"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrfy-z2we-n7cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4348?format=json","vulnerability_id":"VCID-kxm2-1khw-suaq","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16548.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16548.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16548","reference_id":"","reference_type":"","scores":[{"value":"0.03341","scoring_system":"epss","scoring_elements":"0.87526","published_at":"2026-06-04T12:55:00Z"},{"value":"0.03341","scoring_system":"epss","scoring_elements":"0.87555","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03341","scoring_system":"epss","scoring_elements":"0.87544","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03341","scoring_system":"epss","scoring_elements":"0.87543","published_at":"2026-06-08T12:55:00Z"},{"value":"0.03341","scoring_system":"epss","scoring_elements":"0.87547","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03341","scoring_system":"epss","scoring_elements":"0.87545","published_at":"2026-06-06T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16548"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17434"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1511411","reference_id":"1511411","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1511411"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880954","reference_id":"880954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880954"},{"reference_url":"https://security.archlinux.org/ASA-201801-21","reference_id":"ASA-201801-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-21"},{"reference_url":"https://security.archlinux.org/AVG-542","reference_id":"AVG-542","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-542"},{"reference_url":"https://security.gentoo.org/glsa/201801-16","reference_id":"GLSA-201801-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-16"},{"reference_url":"https://usn.ubuntu.com/3543-1/","reference_id":"USN-3543-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3543-1/"},{"reference_url":"https://usn.ubuntu.com/3543-2/","reference_id":"USN-3543-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3543-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4575?format=json","purl":"pkg:deb/debian/rsync@3.1.1-3%2Bdeb8u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3%252Bdeb8u1"},{"url":"http://public2.vulnerablecode.io/api/packages/4855?format=json","purl":"pkg:deb/debian/rsync@3.1.2-1%2Bdeb9u2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.2-1%252Bdeb9u2"},{"url":"http://public2.vulnerablecode.io/api/packages/5941?format=json","purl":"pkg:deb/debian/rsync@3.1.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6"}],"aliases":["CVE-2017-16548"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxm2-1khw-suaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100294?format=json","vulnerability_id":"VCID-mwde-7pds-33c5","summary":"The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in the secrets file.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2855.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-2855.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2855","reference_id":"","reference_type":"","scores":[{"value":"0.17189","scoring_system":"epss","scoring_elements":"0.95143","published_at":"2026-06-04T12:55:00Z"},{"value":"0.17189","scoring_system":"epss","scoring_elements":"0.95151","published_at":"2026-06-05T12:55:00Z"},{"value":"0.17189","scoring_system":"epss","scoring_elements":"0.95152","published_at":"2026-06-06T12:55:00Z"},{"value":"0.17189","scoring_system":"epss","scoring_elements":"0.95154","published_at":"2026-06-07T12:55:00Z"},{"value":"0.17189","scoring_system":"epss","scoring_elements":"0.95153","published_at":"2026-06-08T12:55:00Z"},{"value":"0.17189","scoring_system":"epss","scoring_elements":"0.95157","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-2855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2855"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1087841","reference_id":"1087841","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1087841"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744791","reference_id":"744791","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=744791"},{"reference_url":"https://usn.ubuntu.com/2171-1/","reference_id":"USN-2171-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2171-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4574?format=json","purl":"pkg:deb/debian/rsync@3.1.1-3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.1-3"}],"aliases":["CVE-2014-2855"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwde-7pds-33c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3586?format=json","vulnerability_id":"VCID-nh72-az7j-wqde","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12747.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12747","reference_id":"","reference_type":"","scores":[{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01457","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01455","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01463","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00011","scoring_system":"epss","scoring_elements":"0.01465","published_at":"2026-06-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12747"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332968","reference_id":"2332968","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2332968"},{"reference_url":"https://kb.cert.org/vuls/id/952657","reference_id":"952657","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/"}],"url":"https://kb.cert.org/vuls/id/952657"},{"reference_url":"https://security.archlinux.org/ASA-202501-1","reference_id":"ASA-202501-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202501-1"},{"reference_url":"https://security.archlinux.org/AVG-2858","reference_id":"AVG-2858","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2858"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9","reference_id":"cpe:/a:redhat:discovery:1.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-12747","reference_id":"CVE-2024-12747","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-12747"},{"reference_url":"https://security.gentoo.org/glsa/202501-01","reference_id":"GLSA-202501-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-01"},{"reference_url":"https://access.redhat.com/errata/RHBA-2025:6470","reference_id":"RHBA-2025:6470","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/"}],"url":"https://access.redhat.com/errata/RHBA-2025:6470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2600","reference_id":"RHSA-2025:2600","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7050","reference_id":"RHSA-2025:7050","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:7050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8385","reference_id":"RHSA-2025:8385","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-14T18:38:10Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8385"},{"reference_url":"https://usn.ubuntu.com/7206-1/","reference_id":"USN-7206-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-1/"},{"reference_url":"https://usn.ubuntu.com/7206-3/","reference_id":"USN-7206-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2024-12747"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nh72-az7j-wqde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3587?format=json","vulnerability_id":"VCID-rt4a-vn86-vfd1","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12088.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12088.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12088","reference_id":"","reference_type":"","scores":[{"value":"0.0247","scoring_system":"epss","scoring_elements":"0.85569","published_at":"2026-06-09T12:55:00Z"},{"value":"0.0247","scoring_system":"epss","scoring_elements":"0.85568","published_at":"2026-06-05T12:55:00Z"},{"value":"0.0247","scoring_system":"epss","scoring_elements":"0.85573","published_at":"2026-06-06T12:55:00Z"},{"value":"0.0247","scoring_system":"epss","scoring_elements":"0.8557","published_at":"2026-06-07T12:55:00Z"},{"value":"0.0247","scoring_system":"epss","scoring_elements":"0.85555","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12088"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12088"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330676","reference_id":"2330676","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330676"},{"reference_url":"https://kb.cert.org/vuls/id/952657","reference_id":"952657","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/"}],"url":"https://kb.cert.org/vuls/id/952657"},{"reference_url":"https://security.archlinux.org/ASA-202501-1","reference_id":"ASA-202501-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202501-1"},{"reference_url":"https://security.archlinux.org/AVG-2858","reference_id":"AVG-2858","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2858"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9","reference_id":"cpe:/a:redhat:discovery:1.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-12088","reference_id":"CVE-2024-12088","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-12088"},{"reference_url":"https://security.gentoo.org/glsa/202501-01","reference_id":"GLSA-202501-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-01"},{"reference_url":"https://access.redhat.com/errata/RHBA-2025:6470","reference_id":"RHBA-2025:6470","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/"}],"url":"https://access.redhat.com/errata/RHBA-2025:6470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2600","reference_id":"RHSA-2025:2600","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7050","reference_id":"RHSA-2025:7050","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:7050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8385","reference_id":"RHSA-2025:8385","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:13:08Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8385"},{"reference_url":"https://usn.ubuntu.com/7206-1/","reference_id":"USN-7206-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-1/"},{"reference_url":"https://usn.ubuntu.com/7206-3/","reference_id":"USN-7206-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2024-12088"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rt4a-vn86-vfd1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3589?format=json","vulnerability_id":"VCID-rub5-mpqy-qke8","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12086.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12086.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12086","reference_id":"","reference_type":"","scores":[{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83661","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83664","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.8365","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.83657","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01913","scoring_system":"epss","scoring_elements":"0.8366","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12086"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12086","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12086"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330577","reference_id":"2330577","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330577"},{"reference_url":"https://kb.cert.org/vuls/id/952657","reference_id":"952657","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/"}],"url":"https://kb.cert.org/vuls/id/952657"},{"reference_url":"https://security.archlinux.org/ASA-202501-1","reference_id":"ASA-202501-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202501-1"},{"reference_url":"https://security.archlinux.org/AVG-2858","reference_id":"AVG-2858","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2858"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.6::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6","reference_id":"cpe:/o:redhat:enterprise_linux:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8","reference_id":"cpe:/o:redhat:enterprise_linux:8","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-12086","reference_id":"CVE-2024-12086","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-12086"},{"reference_url":"https://security.gentoo.org/glsa/202501-01","reference_id":"GLSA-202501-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-01"},{"reference_url":"https://access.redhat.com/errata/RHBA-2025:6470","reference_id":"RHBA-2025:6470","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/"}],"url":"https://access.redhat.com/errata/RHBA-2025:6470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19368","reference_id":"RHSA-2026:19368","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:19368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20603","reference_id":"RHSA-2026:20603","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:14:25Z/"}],"url":"https://access.redhat.com/errata/RHSA-2026:20603"},{"reference_url":"https://usn.ubuntu.com/7206-1/","reference_id":"USN-7206-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-1/"},{"reference_url":"https://usn.ubuntu.com/7206-3/","reference_id":"USN-7206-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2024-12086"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rub5-mpqy-qke8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100287?format=json","vulnerability_id":"VCID-shem-sbrm-mba8","summary":"Buffer overflow in the open_socket_out function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a long RSYNC_PROXY environment variable.  NOTE: since rsync is not setuid, this issue does not provide any additional privileges beyond those that are already available to the user.  Therefore this issue may be REJECTED in the future.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2093","reference_id":"","reference_type":"","scores":[{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.73002","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.7304","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.73046","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.7303","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.73017","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00728","scoring_system":"epss","scoring_elements":"0.73041","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2004-2093"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2093","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2093"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/152.c","reference_id":"OSVDB-45182;CVE-2004-2093","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/152.c"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4568?format=json","purl":"pkg:deb/debian/rsync@2.6.4-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-556m-a6vw-3bfj"},{"vulnerability":"VCID-56vk-3vsy-nkef"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6neq-h9yq-8fep"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-twpz-szrq-4ug3"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-w5qp-r7dz-h7fk"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.4-6"}],"aliases":["CVE-2004-2093"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-shem-sbrm-mba8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100284?format=json","vulnerability_id":"VCID-syr4-38sr-5ye2","summary":"Heap-based buffer overflow in rsync before 2.5.7, when running in server mode, allows remote attackers to execute arbitrary code and possibly escape the chroot jail.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0962.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-0962.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0962","reference_id":"","reference_type":"","scores":[{"value":"0.44259","scoring_system":"epss","scoring_elements":"0.97621","published_at":"2026-06-04T12:55:00Z"},{"value":"0.44259","scoring_system":"epss","scoring_elements":"0.97624","published_at":"2026-06-05T12:55:00Z"},{"value":"0.44259","scoring_system":"epss","scoring_elements":"0.97626","published_at":"2026-06-07T12:55:00Z"},{"value":"0.44259","scoring_system":"epss","scoring_elements":"0.97627","published_at":"2026-06-08T12:55:00Z"},{"value":"0.44259","scoring_system":"epss","scoring_elements":"0.97628","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2003-0962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0962"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617105","reference_id":"1617105","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1617105"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:398","reference_id":"RHSA-2003:398","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:398"},{"reference_url":"https://access.redhat.com/errata/RHSA-2003:399","reference_id":"RHSA-2003:399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2003:399"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4568?format=json","purl":"pkg:deb/debian/rsync@2.6.4-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-556m-a6vw-3bfj"},{"vulnerability":"VCID-56vk-3vsy-nkef"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6neq-h9yq-8fep"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-twpz-szrq-4ug3"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-w5qp-r7dz-h7fk"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.6.4-6"}],"aliases":["CVE-2003-0962"],"risk_score":0.2,"exploitability":"0.5","weighted_severity":"0.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-syr4-38sr-5ye2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100296?format=json","vulnerability_id":"VCID-tm8c-43cn-3fa4","summary":"inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9840.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9840.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9840","reference_id":"","reference_type":"","scores":[{"value":"0.09831","scoring_system":"epss","scoring_elements":"0.93133","published_at":"2026-06-09T12:55:00Z"},{"value":"0.09831","scoring_system":"epss","scoring_elements":"0.93129","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09831","scoring_system":"epss","scoring_elements":"0.93126","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09831","scoring_system":"epss","scoring_elements":"0.93124","published_at":"2026-06-08T12:55:00Z"},{"value":"0.12517","scoring_system":"epss","scoring_elements":"0.94062","published_at":"2026-06-04T12:55:00Z"},{"value":"0.12517","scoring_system":"epss","scoring_elements":"0.9407","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9840"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9840"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402345","reference_id":"1402345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402345"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270","reference_id":"847270","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847270"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509","reference_id":"924509","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509"},{"reference_url":"https://security.gentoo.org/glsa/201701-56","reference_id":"GLSA-201701-56","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-56"},{"reference_url":"https://security.gentoo.org/glsa/202007-54","reference_id":"GLSA-202007-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1220","reference_id":"RHSA-2017:1220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1221","reference_id":"RHSA-2017:1221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1222","reference_id":"RHSA-2017:1222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2999","reference_id":"RHSA-2017:2999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2999"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3046","reference_id":"RHSA-2017:3046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3047","reference_id":"RHSA-2017:3047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3453","reference_id":"RHSA-2017:3453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3453"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:10541","reference_id":"RHSA-2025:10541","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:10541"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:11048","reference_id":"RHSA-2025:11048","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:11048"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:12013","reference_id":"RHSA-2025:12013","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:12013"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:13947","reference_id":"RHSA-2025:13947","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:13947"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8280","reference_id":"RHSA-2025:8280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8284","reference_id":"RHSA-2025:8284","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8284"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8314","reference_id":"RHSA-2025:8314","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8314"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8395","reference_id":"RHSA-2025:8395","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:8395"},{"reference_url":"https://usn.ubuntu.com/6736-1/","reference_id":"USN-6736-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6736-1/"},{"reference_url":"https://usn.ubuntu.com/6736-2/","reference_id":"USN-6736-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6736-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5941?format=json","purl":"pkg:deb/debian/rsync@3.1.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6"}],"aliases":["CVE-2016-9840"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"7.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tm8c-43cn-3fa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100292?format=json","vulnerability_id":"VCID-twpz-szrq-4ug3","summary":"Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1720.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1720.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1720","reference_id":"","reference_type":"","scores":[{"value":"0.08442","scoring_system":"epss","scoring_elements":"0.92489","published_at":"2026-06-04T12:55:00Z"},{"value":"0.08442","scoring_system":"epss","scoring_elements":"0.92502","published_at":"2026-06-05T12:55:00Z"},{"value":"0.08442","scoring_system":"epss","scoring_elements":"0.92497","published_at":"2026-06-06T12:55:00Z"},{"value":"0.08442","scoring_system":"epss","scoring_elements":"0.92492","published_at":"2026-06-07T12:55:00Z"},{"value":"0.08442","scoring_system":"epss","scoring_elements":"0.92491","published_at":"2026-06-08T12:55:00Z"},{"value":"0.08442","scoring_system":"epss","scoring_elements":"0.92509","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2008-1720"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1720"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=441683","reference_id":"441683","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=441683"},{"reference_url":"https://security.gentoo.org/glsa/200804-16","reference_id":"GLSA-200804-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200804-16"},{"reference_url":"https://usn.ubuntu.com/600-1/","reference_id":"USN-600-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/600-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4571?format=json","purl":"pkg:deb/debian/rsync@3.0.3-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.3-2"}],"aliases":["CVE-2008-1720"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-twpz-szrq-4ug3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100299?format=json","vulnerability_id":"VCID-uaqx-g92v-sbdh","summary":"The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9843.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9843","reference_id":"","reference_type":"","scores":[{"value":"0.13502","scoring_system":"epss","scoring_elements":"0.94358","published_at":"2026-06-08T12:55:00Z"},{"value":"0.13502","scoring_system":"epss","scoring_elements":"0.94363","published_at":"2026-06-09T12:55:00Z"},{"value":"0.13502","scoring_system":"epss","scoring_elements":"0.94357","published_at":"2026-06-06T12:55:00Z"},{"value":"0.15071","scoring_system":"epss","scoring_elements":"0.94704","published_at":"2026-06-04T12:55:00Z"},{"value":"0.16958","scoring_system":"epss","scoring_elements":"0.95102","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9843"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402351","reference_id":"1402351","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1402351"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847275","reference_id":"847275","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=847275"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509","reference_id":"924509","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924509"},{"reference_url":"https://security.gentoo.org/glsa/201701-56","reference_id":"GLSA-201701-56","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-56"},{"reference_url":"https://security.gentoo.org/glsa/202007-54","reference_id":"GLSA-202007-54","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-54"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1220","reference_id":"RHSA-2017:1220","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1220"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1221","reference_id":"RHSA-2017:1221","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1221"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1222","reference_id":"RHSA-2017:1222","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1222"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2999","reference_id":"RHSA-2017:2999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2999"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3046","reference_id":"RHSA-2017:3046","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3046"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3047","reference_id":"RHSA-2017:3047","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3047"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:3453","reference_id":"RHSA-2017:3453","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:3453"},{"reference_url":"https://usn.ubuntu.com/7959-1/","reference_id":"USN-7959-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7959-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5941?format=json","purl":"pkg:deb/debian/rsync@3.1.3-6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.1.3-6"}],"aliases":["CVE-2016-9843"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uaqx-g92v-sbdh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59964?format=json","vulnerability_id":"VCID-vfqu-z1s4-mfa2","summary":"rsync: rsync: Remote Denial of Service via Out-of-bounds Read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43620.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43620.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43620","reference_id":"","reference_type":"","scores":[{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04206","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.0422","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04219","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04208","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00017","scoring_system":"epss","scoring_elements":"0.04182","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43620"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43620","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43620"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469057","reference_id":"2469057","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469057"},{"reference_url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm","reference_id":"GHSA-28pw-r563-rxvm","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/"}],"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-28pw-r563-rxvm"},{"reference_url":"https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files","reference_id":"rsync-out-of-bounds-array-read-via-recv-files","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/"}],"url":"https://www.vulncheck.com/advisories/rsync-out-of-bounds-array-read-via-recv-files"},{"reference_url":"https://usn.ubuntu.com/8283-1/","reference_id":"USN-8283-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8283-1/"},{"reference_url":"https://usn.ubuntu.com/8349-1/","reference_id":"USN-8349-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8349-1/"},{"reference_url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","reference_id":"v3.4.3","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-20T14:11:42Z/"}],"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2026-43620"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vfqu-z1s4-mfa2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100291?format=json","vulnerability_id":"VCID-w5qp-r7dz-h7fk","summary":"Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspecified (4) dest options.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6200.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-6200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6200","reference_id":"","reference_type":"","scores":[{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85074","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85098","published_at":"2026-06-05T12:55:00Z"},{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85102","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85096","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.85086","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02314","scoring_system":"epss","scoring_elements":"0.851","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2007-6200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6200"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=407171","reference_id":"407171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=407171"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652","reference_id":"453652","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0999","reference_id":"RHSA-2011:0999","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0999"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4571?format=json","purl":"pkg:deb/debian/rsync@3.0.3-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-x81r-ud9r-8ybd"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.3-2"}],"aliases":["CVE-2007-6200"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w5qp-r7dz-h7fk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59961?format=json","vulnerability_id":"VCID-wc4u-jz1n-eff9","summary":"rsync: rsync: Remote memory disclosure via integer overflow in compressed-token decoding","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43618.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-43618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43618","reference_id":"","reference_type":"","scores":[{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17864","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17961","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17958","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17921","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00056","scoring_system":"epss","scoring_elements":"0.17846","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-43618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-43618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469054","reference_id":"2469054","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2469054"},{"reference_url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq","reference_id":"GHSA-g37v-g3gj-pmwq","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/"}],"url":"https://github.com/RsyncProject/rsync/security/advisories/GHSA-g37v-g3gj-pmwq"},{"reference_url":"https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure","reference_id":"rsync-integer-overflow-information-disclosure","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/"}],"url":"https://www.vulncheck.com/advisories/rsync-integer-overflow-information-disclosure"},{"reference_url":"https://usn.ubuntu.com/8283-1/","reference_id":"USN-8283-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8283-1/"},{"reference_url":"https://usn.ubuntu.com/8349-1/","reference_id":"USN-8349-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8349-1/"},{"reference_url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3","reference_id":"v3.4.3","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"6.1","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-05-20T13:03:53Z/"}],"url":"https://github.com/RsyncProject/rsync/releases/tag/v3.4.3"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2026-43618"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc4u-jz1n-eff9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100293?format=json","vulnerability_id":"VCID-x81r-ud9r-8ybd","summary":"rsync 3.x before 3.0.8, when certain recursion, deletion, and ownership options are used, allows remote rsync servers to cause a denial of service (heap memory corruption and application crash) or possibly execute arbitrary code via malformed data.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1097.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-1097.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1097","reference_id":"","reference_type":"","scores":[{"value":"0.01623","scoring_system":"epss","scoring_elements":"0.8218","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01623","scoring_system":"epss","scoring_elements":"0.82209","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01623","scoring_system":"epss","scoring_elements":"0.8221","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01623","scoring_system":"epss","scoring_elements":"0.82212","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02186","scoring_system":"epss","scoring_elements":"0.84689","published_at":"2026-06-08T12:55:00Z"},{"value":"0.02186","scoring_system":"epss","scoring_elements":"0.84702","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-1097"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1097","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1097"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621866","reference_id":"621866","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=621866"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=675036","reference_id":"675036","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=675036"},{"reference_url":"https://security.gentoo.org/glsa/201412-09","reference_id":"GLSA-201412-09","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201412-09"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0390","reference_id":"RHSA-2011:0390","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2011:0390"},{"reference_url":"https://usn.ubuntu.com/1124-1/","reference_id":"USN-1124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1124-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4573?format=json","purl":"pkg:deb/debian/rsync@3.0.9-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-29gg-j4vp-7bef"},{"vulnerability":"VCID-2c6b-ufgq-fbcw"},{"vulnerability":"VCID-3nrj-48zt-8yf7"},{"vulnerability":"VCID-6j5d-25zc-r7es"},{"vulnerability":"VCID-6zwq-zvsq-rfda"},{"vulnerability":"VCID-ay5s-4hr1-8qe5"},{"vulnerability":"VCID-be1r-cmk6-dyb9"},{"vulnerability":"VCID-bvzk-j9h5-zkem"},{"vulnerability":"VCID-c97r-cqv2-r3h4"},{"vulnerability":"VCID-f9zn-2jhn-jqg4"},{"vulnerability":"VCID-jrfy-z2we-n7cz"},{"vulnerability":"VCID-kxm2-1khw-suaq"},{"vulnerability":"VCID-mwde-7pds-33c5"},{"vulnerability":"VCID-nh72-az7j-wqde"},{"vulnerability":"VCID-rt4a-vn86-vfd1"},{"vulnerability":"VCID-rub5-mpqy-qke8"},{"vulnerability":"VCID-tm8c-43cn-3fa4"},{"vulnerability":"VCID-uaqx-g92v-sbdh"},{"vulnerability":"VCID-vfqu-z1s4-mfa2"},{"vulnerability":"VCID-wc4u-jz1n-eff9"},{"vulnerability":"VCID-yamy-3z1h-kqaf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.0.9-4"}],"aliases":["CVE-2011-1097"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x81r-ud9r-8ybd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3588?format=json","vulnerability_id":"VCID-yamy-3z1h-kqaf","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12087.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-12087.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12087","reference_id":"","reference_type":"","scores":[{"value":"0.03163","scoring_system":"epss","scoring_elements":"0.87186","published_at":"2026-06-09T12:55:00Z"},{"value":"0.03163","scoring_system":"epss","scoring_elements":"0.87184","published_at":"2026-06-05T12:55:00Z"},{"value":"0.03163","scoring_system":"epss","scoring_elements":"0.87181","published_at":"2026-06-06T12:55:00Z"},{"value":"0.03163","scoring_system":"epss","scoring_elements":"0.87178","published_at":"2026-06-07T12:55:00Z"},{"value":"0.03163","scoring_system":"epss","scoring_elements":"0.87174","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-12087"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-12087"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330672","reference_id":"2330672","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2330672"},{"reference_url":"https://kb.cert.org/vuls/id/952657","reference_id":"952657","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://kb.cert.org/vuls/id/952657"},{"reference_url":"https://security.archlinux.org/ASA-202501-1","reference_id":"ASA-202501-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202501-1"},{"reference_url":"https://security.archlinux.org/AVG-2858","reference_id":"AVG-2858","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2858"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9","reference_id":"cpe:/a:redhat:discovery:1.14::el9","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:1.14::el9"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4","reference_id":"cpe:/a:redhat:openshift:4","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.0::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_id":"cpe:/a:redhat:rhel_e4s:9.2::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream","reference_id":"cpe:/a:redhat:rhel_eus:9.4::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0","reference_id":"cpe:/o:redhat:enterprise_linux:10.0","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos","reference_id":"cpe:/o:redhat:enterprise_linux:9::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_aus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.0::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_id":"cpe:/o:redhat:rhel_e4s:9.2::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:6","reference_id":"cpe:/o:redhat:rhel_els:6","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:6"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7","reference_id":"cpe:/o:redhat:rhel_els:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus:9.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_id":"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.6::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos","reference_id":"cpe:/o:redhat:rhel_tus:8.8::baseos","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2024-12087","reference_id":"CVE-2024-12087","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2024-12087"},{"reference_url":"https://security.gentoo.org/glsa/202501-01","reference_id":"GLSA-202501-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202501-01"},{"reference_url":"https://access.redhat.com/errata/RHBA-2025:6470","reference_id":"RHBA-2025:6470","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHBA-2025:6470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23154","reference_id":"RHSA-2025:23154","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23154"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23235","reference_id":"RHSA-2025:23235","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23235"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23407","reference_id":"RHSA-2025:23407","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23407"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23415","reference_id":"RHSA-2025:23415","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23416","reference_id":"RHSA-2025:23416","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23842","reference_id":"RHSA-2025:23842","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23842"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23853","reference_id":"RHSA-2025:23853","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23853"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23854","reference_id":"RHSA-2025:23854","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23854"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23858","reference_id":"RHSA-2025:23858","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:23858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:2600","reference_id":"RHSA-2025:2600","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:2600"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7050","reference_id":"RHSA-2025:7050","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:7050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:8385","reference_id":"RHSA-2025:8385","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-26T14:12:12Z/"}],"url":"https://access.redhat.com/errata/RHSA-2025:8385"},{"reference_url":"https://usn.ubuntu.com/7206-1/","reference_id":"USN-7206-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-1/"},{"reference_url":"https://usn.ubuntu.com/7206-3/","reference_id":"USN-7206-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7206-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195406?format=json","purl":"pkg:deb/debian/rsync@3.2.7-1%2Bdeb12u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7w3c-s3ph-v7fk"},{"vulnerability":"VCID-eyj3-gsf2-u7c5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@3.2.7-1%252Bdeb12u4"}],"aliases":["CVE-2024-12087"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yamy-3z1h-kqaf"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/rsync@2.3.2-1.2"}