{"url":"http://public2.vulnerablecode.io/api/packages/475613?format=json","purl":"pkg:apk/alpine/samba@4.12.9-r0?arch=aarch64&distroversion=v3.20&reponame=main","type":"apk","namespace":"alpine","name":"samba","version":"4.12.9-r0","qualifiers":{"arch":"aarch64","distroversion":"v3.20","reponame":"main"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"4.14.2-r0","latest_non_vulnerable_version":"4.18.9-r0","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100715?format=json","vulnerability_id":"VCID-7q6r-9cgn-5kfp","summary":"A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14318.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14318.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14318","reference_id":"","reference_type":"","scores":[{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36232","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36336","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00157","scoring_system":"epss","scoring_elements":"0.36327","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14318"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14318"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892631","reference_id":"1892631","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T14:56:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892631"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973400","reference_id":"973400","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973400"},{"reference_url":"https://www.samba.org/samba/security/CVE-2020-14318.html","reference_id":"CVE-2020-14318.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T14:56:23Z/"}],"url":"https://www.samba.org/samba/security/CVE-2020-14318.html"},{"reference_url":"https://security.gentoo.org/glsa/202012-24","reference_id":"GLSA-202012-24","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T14:56:23Z/"}],"url":"https://security.gentoo.org/glsa/202012-24"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T14:56:23Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5439","reference_id":"RHSA-2020:5439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1647","reference_id":"RHSA-2021:1647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3723","reference_id":"RHSA-2021:3723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3723"},{"reference_url":"https://usn.ubuntu.com/4611-1/","reference_id":"USN-4611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4611-1/"},{"reference_url":"https://usn.ubuntu.com/4931-1/","reference_id":"USN-4931-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4931-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/475613?format=json","purl":"pkg:apk/alpine/samba@4.12.9-r0?arch=aarch64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.12.9-r0%3Farch=aarch64&distroversion=v3.20&reponame=main"}],"aliases":["CVE-2020-14318"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7q6r-9cgn-5kfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100716?format=json","vulnerability_id":"VCID-m1qp-m1d3-nbgw","summary":"A null pointer dereference flaw was found in samba's Winbind service in versions before 4.11.15, before 4.12.9 and before 4.13.1. A local user could use this flaw to crash the winbind service causing denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14323.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14323.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14323","reference_id":"","reference_type":"","scores":[{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62414","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6236","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.62406","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14323"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14323"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1891685","reference_id":"1891685","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1891685"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973399","reference_id":"973399","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973399"},{"reference_url":"https://www.samba.org/samba/security/CVE-2020-14323.html","reference_id":"CVE-2020-14323.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"https://www.samba.org/samba/security/CVE-2020-14323.html"},{"reference_url":"https://security.gentoo.org/glsa/202012-24","reference_id":"GLSA-202012-24","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"https://security.gentoo.org/glsa/202012-24"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/","reference_id":"JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JE2M4FE3N3EDXVG4UKSVFPL7SQUGFFDP/"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html","reference_id":"msg00008.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html","reference_id":"msg00012.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-11/msg00012.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html","reference_id":"msg00041.html","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2020/11/msg00041.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20201103-0001/","reference_id":"ntap-20201103-0001","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"https://security.netapp.com/advisory/ntap-20201103-0001/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5439","reference_id":"RHSA-2020:5439","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5439"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1647","reference_id":"RHSA-2021:1647","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1647"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3723","reference_id":"RHSA-2021:3723","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3723"},{"reference_url":"https://usn.ubuntu.com/4611-1/","reference_id":"USN-4611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4611-1/"},{"reference_url":"https://usn.ubuntu.com/4931-1/","reference_id":"USN-4931-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4931-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/","reference_id":"W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-22T20:46:57Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6HM73N4NEGFW5GIJJGGP6ZZBS6GTXPB/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/475613?format=json","purl":"pkg:apk/alpine/samba@4.12.9-r0?arch=aarch64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.12.9-r0%3Farch=aarch64&distroversion=v3.20&reponame=main"}],"aliases":["CVE-2020-14323"],"risk_score":2.5,"exploitability":"0.5","weighted_severity":"5.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1qp-m1d3-nbgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/100718?format=json","vulnerability_id":"VCID-t35b-ur7m-vqeu","summary":"A flaw was found in samba's DNS server. An authenticated user could use this flaw to the RPC server to crash. This RPC server, which also serves protocols other than dnsserver, will be restarted after a short delay, but it is easy for an authenticated non administrative attacker to crash it again as soon as it returns. The Samba DNS server itself will continue to operate, but many RPC services will not.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14383.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14383","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64688","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64738","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64729","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-14383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14383"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892636","reference_id":"1892636","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T15:10:17Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892636"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973398","reference_id":"973398","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973398"},{"reference_url":"https://www.samba.org/samba/security/CVE-2020-14383.html","reference_id":"CVE-2020-14383.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T15:10:17Z/"}],"url":"https://www.samba.org/samba/security/CVE-2020-14383.html"},{"reference_url":"https://security.gentoo.org/glsa/202012-24","reference_id":"GLSA-202012-24","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T15:10:17Z/"}],"url":"https://security.gentoo.org/glsa/202012-24"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html","reference_id":"msg00015.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T15:10:17Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"},{"reference_url":"https://usn.ubuntu.com/4611-1/","reference_id":"USN-4611-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4611-1/"},{"reference_url":"https://usn.ubuntu.com/4931-1/","reference_id":"USN-4931-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4931-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/475613?format=json","purl":"pkg:apk/alpine/samba@4.12.9-r0?arch=aarch64&distroversion=v3.20&reponame=main","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.12.9-r0%3Farch=aarch64&distroversion=v3.20&reponame=main"}],"aliases":["CVE-2020-14383"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t35b-ur7m-vqeu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:apk/alpine/samba@4.12.9-r0%3Farch=aarch64&distroversion=v3.20&reponame=main"}