Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/4992?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/4992?format=api", "purl": "pkg:deb/debian/libarchive@3.1.2-11%2Bdeb8u3", "type": "deb", "namespace": "debian", "name": "libarchive", "version": "3.1.2-11+deb8u3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.8.7-1", "latest_non_vulnerable_version": "3.8.7-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75536?format=api", "vulnerability_id": "VCID-1zjd-nfwk-1bhy", "summary": "A vulnerability has been identified in the libarchive library. This flaw involves an 'off-by-one' miscalculation when handling prefixes and suffixes for file names. This can lead to a 1-byte write overflow. While seemingly small, such an overflow can corrupt adjacent memory, leading to unpredictable program behavior, crashes, or in specific circumstances, could be leveraged as a building block for more sophisticated exploitation. This bug affects libarchive versions prior to 3.8.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5917.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5917.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30115", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30196", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.30161", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.3013", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00117", "scoring_system": "epss", "scoring_elements": "0.301", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5917" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107626", "reference_id": "1107626", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107626" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370874", "reference_id": "2370874", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:11Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370874" }, { "reference_url": "https://github.com/libarchive/libarchive/pull/2588", "reference_id": "2588", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:11Z/" } ], "url": "https://github.com/libarchive/libarchive/pull/2588" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-5917", "reference_id": "CVE-2025-5917", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:11Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-5917" }, { "reference_url": "https://usn.ubuntu.com/7601-1/", "reference_id": "USN-7601-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7601-1/" }, { "reference_url": "https://usn.ubuntu.com/8147-1/", "reference_id": "USN-8147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8147-1/" }, { "reference_url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0", "reference_id": "v3.8.0", "reference_type": "", "scores": [ { "value": "2.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:11Z/" } ], "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2025-5917" ], "risk_score": 1.2, "exploitability": "0.5", "weighted_severity": "2.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1zjd-nfwk-1bhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75508?format=api", "vulnerability_id": "VCID-24dh-btpb-7yg5", "summary": "In Libarchive 3.4.0, archive_wstring_append_from_mbs in archive_string.c has an out-of-bounds read because of an incorrect mbrtowc or mbtowc call. For example, bsdtar crashes via a crafted archive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19221.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24818", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24913", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24902", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24845", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24787", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00086", "scoring_system": "epss", "scoring_elements": "0.24795", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-19221" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19221", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19221" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801635", "reference_id": "1801635", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1801635" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945287", "reference_id": "945287", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945287" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4443", "reference_id": "RHSA-2020:4443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4443" }, { "reference_url": "https://usn.ubuntu.com/4293-1/", "reference_id": "USN-4293-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4293-1/" }, { "reference_url": "https://usn.ubuntu.com/8147-1/", "reference_id": "USN-8147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8147-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196099?format=api", "purl": "pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-evkf-vrqz-kkca" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-19221" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-24dh-btpb-7yg5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75434?format=api", "vulnerability_id": "VCID-2ft9-vcef-dkau", "summary": "The lha_read_file_extended_header function in archive_read_support_format_lha.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap) via a crafted (1) lzh or (2) lha file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8919.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8919.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0645", "scoring_system": "epss", "scoring_elements": "0.91232", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0645", "scoring_system": "epss", "scoring_elements": "0.91244", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0645", "scoring_system": "epss", "scoring_elements": "0.91245", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0645", "scoring_system": "epss", "scoring_elements": "0.91242", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0645", "scoring_system": "epss", "scoring_elements": "0.91238", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0645", "scoring_system": "epss", "scoring_elements": "0.91253", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348414", "reference_id": "1348414", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348414" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8919" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ft9-vcef-dkau" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75532?format=api", "vulnerability_id": "VCID-2jra-hgx1-akc2", "summary": "A vulnerability has been identified in the libarchive library, specifically within the archive_read_format_rar_seek_data() function. This flaw involves an integer overflow that can ultimately lead to a double-free condition. Exploiting a double-free vulnerability can result in memory corruption, enabling an attacker to execute arbitrary code or cause a denial-of-service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5914.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5914.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5914", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29655", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29743", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29707", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29674", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29641", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5914" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5914" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107621", "reference_id": "1107621", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107621" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861", "reference_id": "2370861", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370861" }, { "reference_url": "https://github.com/libarchive/libarchive/pull/2598", "reference_id": "2598", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://github.com/libarchive/libarchive/pull/2598" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9", "reference_id": "cpe:/a:redhat:cert_manager:1.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:cert_manager:1.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:confidential_compute_attestation:1.10::el9", "reference_id": "cpe:/a:redhat:confidential_compute_attestation:1.10::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:confidential_compute_attestation:1.10::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9", "reference_id": "cpe:/a:redhat:insights_proxy:1.5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9", "reference_id": "cpe:/a:redhat:openshift:4.20::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.20::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9", "reference_id": "cpe:/a:redhat:openshift_compliance_operator:1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_compliance_operator:1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "reference_id": "cpe:/a:redhat:openshift_distributed_tracing:3.5::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_distributed_tracing:3.5::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "reference_id": "cpe:/a:redhat:openshift_file_integrity_operator:1::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_file_integrity_operator:1::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8", "reference_id": "cpe:/a:redhat:openshift_serverless:1.36::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift_serverless:1.36::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9", "reference_id": "cpe:/a:redhat:webterminal:1.11::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.11::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9", "reference_id": "cpe:/a:redhat:webterminal:1.12::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:webterminal:1.12::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-5914", "reference_id": "CVE-2025-5914", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-5914" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14130", "reference_id": "RHSA-2025:14130", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14135", "reference_id": "RHSA-2025:14135", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14137", "reference_id": "RHSA-2025:14137", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14137" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14141", "reference_id": "RHSA-2025:14141", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14142", "reference_id": "RHSA-2025:14142", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14525", "reference_id": "RHSA-2025:14525", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14525" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14528", "reference_id": "RHSA-2025:14528", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14528" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14594", "reference_id": "RHSA-2025:14594", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14594" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14644", "reference_id": "RHSA-2025:14644", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14808", "reference_id": "RHSA-2025:14808", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14808" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14810", "reference_id": "RHSA-2025:14810", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14810" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:14828", "reference_id": "RHSA-2025:14828", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:14828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15024", "reference_id": "RHSA-2025:15024", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15024" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15397", "reference_id": "RHSA-2025:15397", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15397" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15709", "reference_id": "RHSA-2025:15709", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15827", "reference_id": "RHSA-2025:15827", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15827" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:15828", "reference_id": "RHSA-2025:15828", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:15828" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:16524", "reference_id": "RHSA-2025:16524", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:16524" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18217", "reference_id": "RHSA-2025:18217", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:18217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18218", "reference_id": "RHSA-2025:18218", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:18218" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:18219", "reference_id": "RHSA-2025:18219", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:18219" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19041", "reference_id": "RHSA-2025:19041", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:19046", "reference_id": "RHSA-2025:19046", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:19046" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21885", "reference_id": "RHSA-2025:21885", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:21913", "reference_id": "RHSA-2025:21913", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2025:21913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0326", "reference_id": "RHSA-2026:0326", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0326" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:0934", "reference_id": "RHSA-2026:0934", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:0934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:1541", "reference_id": "RHSA-2026:1541", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:1541" }, { "reference_url": "https://usn.ubuntu.com/7601-1/", "reference_id": "USN-7601-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7601-1/" }, { "reference_url": "https://usn.ubuntu.com/8147-1/", "reference_id": "USN-8147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8147-1/" }, { "reference_url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0", "reference_id": "v3.8.0", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T15:14:35Z/" } ], "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2025-5914" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2jra-hgx1-akc2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75507?format=api", "vulnerability_id": "VCID-2kce-56xs-abaz", "summary": "archive_read_format_rar_read_data in archive_read_support_format_rar.c in libarchive before 3.4.0 has a use-after-free in a certain ARCHIVE_FAILED situation, related to Ppmd7_DecodeSymbol.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18408.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-18408.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18408", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04588", "scoring_system": "epss", "scoring_elements": "0.89416", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04588", "scoring_system": "epss", "scoring_elements": "0.89434", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04588", "scoring_system": "epss", "scoring_elements": "0.89432", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04588", "scoring_system": "epss", "scoring_elements": "0.8945", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-18408" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18408" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769979", "reference_id": "1769979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1769979" }, { "reference_url": "https://security.gentoo.org/glsa/202003-28", "reference_id": "GLSA-202003-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0203", "reference_id": "RHSA-2020:0203", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0246", "reference_id": "RHSA-2020:0246", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0246" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0271", "reference_id": "RHSA-2020:0271", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0271" }, { "reference_url": "https://usn.ubuntu.com/4169-1/", "reference_id": "USN-4169-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4169-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/196099?format=api", "purl": "pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-evkf-vrqz-kkca" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1" } ], "aliases": [ "CVE-2019-18408" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2kce-56xs-abaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75510?format=api", "vulnerability_id": "VCID-37wa-xumu-bber", "summary": "An improper link resolution flaw can occur while extracting an archive leading to changing modes, times, access control lists, and flags of a file outside of the archive. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to gain more privileges in a system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31566.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31566.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31566", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11817", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11901", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11895", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11858", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11777", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11788", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31566" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31566" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libarchive/libarchive/commit/b41daecb5ccb4c8e3b2c53fd6147109fc12c3043" }, { "reference_url": "https://github.com/libarchive/libarchive/issues/1566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libarchive/libarchive/issues/1566" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001990", "reference_id": "1001990", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001990" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024237", "reference_id": "2024237", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024237" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-31566", "reference_id": "CVE-2021-31566", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2021-31566" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31566", "reference_id": "CVE-2021-31566", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31566" }, { "reference_url": "https://security.gentoo.org/glsa/202208-26", "reference_id": "GLSA-202208-26", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0892", "reference_id": "RHSA-2022:0892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0892" }, { "reference_url": "https://usn.ubuntu.com/5291-1/", "reference_id": "USN-5291-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5291-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196099?format=api", "purl": "pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-evkf-vrqz-kkca" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1" } ], "aliases": [ "CVE-2021-31566" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37wa-xumu-bber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75478?format=api", "vulnerability_id": "VCID-3b8j-qwkk-7yem", "summary": "libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58628", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58675", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58659", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58682", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58674", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347086", "reference_id": "1347086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347086" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-7166" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b8j-qwkk-7yem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75445?format=api", "vulnerability_id": "VCID-3cwa-fj97-mue9", "summary": "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (infinite loop) via an ISO with a directory that is a member of itself.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8930.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8930.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04803", "scoring_system": "epss", "scoring_elements": "0.89676", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04803", "scoring_system": "epss", "scoring_elements": "0.89693", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04803", "scoring_system": "epss", "scoring_elements": "0.8971", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.04803", "scoring_system": "epss", "scoring_elements": "0.89694", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04803", "scoring_system": "epss", "scoring_elements": "0.89695", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349204", "reference_id": "1349204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349204" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8930" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3cwa-fj97-mue9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6889?format=api", "vulnerability_id": "VCID-3e6j-4j26-auhz", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36976.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36976.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36976", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40948", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40977", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40997", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.40966", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41025", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00192", "scoring_system": "epss", "scoring_elements": "0.41029", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36976" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36976" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984646", "reference_id": "1984646", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984646" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991442", "reference_id": "991442", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991442" }, { "reference_url": "https://security.archlinux.org/AVG-2176", "reference_id": "AVG-2176", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2176" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36976", "reference_id": "CVE-2021-36976", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36976" }, { "reference_url": "https://security.gentoo.org/glsa/202208-26", "reference_id": "GLSA-202208-26", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-26" }, { "reference_url": "https://usn.ubuntu.com/5291-1/", "reference_id": "USN-5291-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5291-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2021-36976" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3e6j-4j26-auhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52276?format=api", "vulnerability_id": "VCID-3tqx-5ms2-akg3", "summary": "Improper Input Validation\n`archive_read_support_format_rar5.c` in libarchive attempts to unpack a RAR5 file with an invalid or corrupted header (such as a header size of zero), leading to a `SIGSEGV` or possibly unspecified other impact.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9308.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-9308.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9308", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72365", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72406", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72412", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72393", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72379", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00699", "scoring_system": "epss", "scoring_elements": "0.72403", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-9308" }, { "reference_url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20459" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9308" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805963", "reference_id": "1805963", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1805963" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951759", "reference_id": "951759", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=951759" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9308", "reference_id": "CVE-2020-9308", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9308" }, { "reference_url": "https://security.gentoo.org/glsa/202003-28", "reference_id": "GLSA-202003-28", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-28" }, { "reference_url": "https://usn.ubuntu.com/4293-1/", "reference_id": "USN-4293-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4293-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196099?format=api", "purl": "pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-evkf-vrqz-kkca" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1" } ], "aliases": [ "CVE-2020-9308" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3tqx-5ms2-akg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75443?format=api", "vulnerability_id": "VCID-4hvy-whmq-53ft", "summary": "The process_add_entry function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8928.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8928.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53023", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53084", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53048", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53091", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.53073", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348429", "reference_id": "1348429", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348429" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8928" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hvy-whmq-53ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6184?format=api", "vulnerability_id": "VCID-4t89-41bc-3ba8", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1000020.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1000020.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1000020", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00903", "scoring_system": "epss", "scoring_elements": "0.7609", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00903", "scoring_system": "epss", "scoring_elements": "0.76121", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00903", "scoring_system": "epss", "scoring_elements": "0.76108", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00903", "scoring_system": "epss", "scoring_elements": "0.76096", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00903", "scoring_system": "epss", "scoring_elements": "0.76116", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1000020" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000020", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000020" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672888", "reference_id": "1672888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672888" }, { "reference_url": "https://security.archlinux.org/ASA-201906-21", "reference_id": "ASA-201906-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-21" }, { "reference_url": "https://security.archlinux.org/AVG-837", "reference_id": "AVG-837", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2298", "reference_id": "RHSA-2019:2298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3698", "reference_id": "RHSA-2019:3698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3698" }, { "reference_url": "https://usn.ubuntu.com/3884-1/", "reference_id": "USN-3884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3884-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-1000020" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4t89-41bc-3ba8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75451?format=api", "vulnerability_id": "VCID-5rvq-dzxr-ckb7", "summary": "The copy_from_lzss_window function in archive_read_support_format_rar.c in libarchive 3.2.0 and earlier allows remote attackers to cause a denial of service (out-of-bounds heap read) via a crafted rar file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56557", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.5661", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56616", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56605", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.5659", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00335", "scoring_system": "epss", "scoring_elements": "0.56608", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349229", "reference_id": "1349229", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1349229" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8934" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rvq-dzxr-ckb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75459?format=api", "vulnerability_id": "VCID-5tcn-ytvt-23bk", "summary": "Heap-based buffer overflow in the zip_read_mac_metadata function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to execute arbitrary code via crafted entry-size values in a ZIP archive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1541.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1541.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1541", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12269", "scoring_system": "epss", "scoring_elements": "0.93989", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.12269", "scoring_system": "epss", "scoring_elements": "0.93997", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.12269", "scoring_system": "epss", "scoring_elements": "0.94003", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.12269", "scoring_system": "epss", "scoring_elements": "0.93996", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.12269", "scoring_system": "epss", "scoring_elements": "0.93998", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1541" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1541" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334211", "reference_id": "1334211", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1334211" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823893", "reference_id": "823893", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=823893" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/2981-1/", "reference_id": "USN-2981-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2981-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-1541" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5tcn-ytvt-23bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75534?format=api", "vulnerability_id": "VCID-6fu1-u451-13bk", "summary": "A vulnerability has been identified in the libarchive library. This flaw involves an integer overflow that can be triggered when processing a Web Archive (WARC) file that claims to have more than INT64_MAX - 4 content bytes. An attacker could craft a malicious WARC archive to induce this overflow, potentially leading to unpredictable program behavior, memory corruption, or a denial-of-service condition within applications that process such archives using libarchive. This bug affects libarchive versions prior to 3.8.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27457", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27588", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27537", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.27499", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.2745", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5916" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107623", "reference_id": "1107623", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107623" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370872", "reference_id": "2370872", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:03:44Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370872" }, { "reference_url": "https://github.com/libarchive/libarchive/pull/2568", "reference_id": "2568", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:03:44Z/" } ], "url": "https://github.com/libarchive/libarchive/pull/2568" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-5916", "reference_id": "CVE-2025-5916", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:03:44Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-5916" }, { "reference_url": "https://usn.ubuntu.com/7601-1/", "reference_id": "USN-7601-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7601-1/" }, { "reference_url": "https://usn.ubuntu.com/8147-1/", "reference_id": "USN-8147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8147-1/" }, { "reference_url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0", "reference_id": "v3.8.0", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T14:03:44Z/" } ], "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2025-5916" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fu1-u451-13bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75468?format=api", "vulnerability_id": "VCID-8mvg-64ae-37b7", "summary": "The archive_read_format_cpio_read_header function in archive_read_support_format_cpio.c in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a CPIO archive with a large symlink.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4809.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4809.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0313", "scoring_system": "epss", "scoring_elements": "0.87101", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0313", "scoring_system": "epss", "scoring_elements": "0.87123", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0313", "scoring_system": "epss", "scoring_elements": "0.87112", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0313", "scoring_system": "epss", "scoring_elements": "0.87121", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0313", "scoring_system": "epss", "scoring_elements": "0.87116", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347084", "reference_id": "1347084", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347084" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-4809" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8mvg-64ae-37b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75465?format=api", "vulnerability_id": "VCID-at9e-fmp1-efcy", "summary": "Heap-based buffer overflow in the parse_codes function in archive_read_support_format_rar.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a RAR file with a zero-sized dictionary.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81214", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81242", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81244", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81241", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81237", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01463", "scoring_system": "epss", "scoring_elements": "0.81254", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348444", "reference_id": "1348444", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348444" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-4302" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-at9e-fmp1-efcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64801?format=api", "vulnerability_id": "VCID-b72d-fhvw-nqb2", "summary": "libarchive: libarchive: Information disclosure via heap out-of-bounds read in RAR archive processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4424.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4424.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4424", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27209", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27338", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27287", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27247", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27199", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4424" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4424", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4424" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131446", "reference_id": "1131446", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131446" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449006", "reference_id": "2449006", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449006" }, { "reference_url": "https://github.com/libarchive/libarchive/pull/2898", "reference_id": "2898", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://github.com/libarchive/libarchive/pull/2898" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.3::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9", "reference_id": "cpe:/a:redhat:insights_proxy:1.5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9", "reference_id": "cpe:/a:redhat:rhui:5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4424", "reference_id": "CVE-2026-4424", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4424" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10097", "reference_id": "RHSA-2026:10097", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:10097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11768", "reference_id": "RHSA-2026:11768", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:11768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12071", "reference_id": "RHSA-2026:12071", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:12071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12274", "reference_id": "RHSA-2026:12274", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:12274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13812", "reference_id": "RHSA-2026:13812", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:13812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14773", "reference_id": "RHSA-2026:14773", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:14773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14937", "reference_id": "RHSA-2026:14937", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:14937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15087", "reference_id": "RHSA-2026:15087", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:15087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16008", "reference_id": "RHSA-2026:16008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16009", "reference_id": "RHSA-2026:16009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16030", "reference_id": "RHSA-2026:16030", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17596", "reference_id": "RHSA-2026:17596", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:17596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19724", "reference_id": "RHSA-2026:19724", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:19724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19725", "reference_id": "RHSA-2026:19725", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:19725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20040", "reference_id": "RHSA-2026:20040", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:20040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21690", "reference_id": "RHSA-2026:21690", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:21690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8492", "reference_id": "RHSA-2026:8492", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8510", "reference_id": "RHSA-2026:8510", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8517", "reference_id": "RHSA-2026:8517", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8521", "reference_id": "RHSA-2026:8521", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8534", "reference_id": "RHSA-2026:8534", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8864", "reference_id": "RHSA-2026:8864", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8865", "reference_id": "RHSA-2026:8865", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8866", "reference_id": "RHSA-2026:8866", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8867", "reference_id": "RHSA-2026:8867", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8873", "reference_id": "RHSA-2026:8873", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8908", "reference_id": "RHSA-2026:8908", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8908" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8944", "reference_id": "RHSA-2026:8944", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9026", "reference_id": "RHSA-2026:9026", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:9026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9592", "reference_id": "RHSA-2026:9592", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:9592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9832", "reference_id": "RHSA-2026:9832", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-19T17:07:05Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:9832" }, { "reference_url": "https://usn.ubuntu.com/8292-1/", "reference_id": "USN-8292-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8292-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-4424" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b72d-fhvw-nqb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75456?format=api", "vulnerability_id": "VCID-bb9k-aw7s-gqg9", "summary": "The archive_read_format_cab_read_header function in archive_read_support_format_cab.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10350.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10350.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00986", "scoring_system": "epss", "scoring_elements": "0.77184", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00986", "scoring_system": "epss", "scoring_elements": "0.77216", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00986", "scoring_system": "epss", "scoring_elements": "0.77205", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00986", "scoring_system": "epss", "scoring_elements": "0.77226", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00986", "scoring_system": "epss", "scoring_elements": "0.77214", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449530", "reference_id": "1449530", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449530" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861609", "reference_id": "861609", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861609" }, { "reference_url": "https://security.gentoo.org/glsa/201710-19", "reference_id": "GLSA-201710-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-19" }, { "reference_url": "https://usn.ubuntu.com/3736-1/", "reference_id": "USN-3736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2016-10350" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bb9k-aw7s-gqg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75476?format=api", "vulnerability_id": "VCID-cny6-pqmg-kba4", "summary": "Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6250.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6250.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.86179", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.862", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.86186", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.86203", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.86198", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347085", "reference_id": "1347085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347085" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-6250" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cny6-pqmg-kba4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64042?format=api", "vulnerability_id": "VCID-d7x6-bkm5-nbbb", "summary": "libarchive: libarchive: Arbitrary code execution via integer overflow in ISO9660 image processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17663", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.17566", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1755", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00055", "scoring_system": "epss", "scoring_elements": "0.1763", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.20269", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5121" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5121", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5121" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133002", "reference_id": "1133002", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1133002" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945", "reference_id": "2452945", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2452945" }, { "reference_url": "https://github.com/libarchive/libarchive/pull/2934", "reference_id": "2934", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://github.com/libarchive/libarchive/pull/2934" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.3::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb", "reference_id": "cpe:/a:redhat:enterprise_linux:8::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9", "reference_id": "cpe:/a:redhat:insights_proxy:1.5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8", "reference_id": "cpe:/a:redhat:openshift:4.12::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.12::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8", "reference_id": "cpe:/a:redhat:rhosemc:1.0::el8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhosemc:1.0::el8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9", "reference_id": "cpe:/a:redhat:rhui:5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_aus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_aus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:8.8::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7", "reference_id": "cpe:/o:redhat:rhel_els:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_els:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus_long_life:8.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus_long_life:8.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.6::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_id": "cpe:/o:redhat:rhel_tus:8.8::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_tus:8.8::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-5121", "reference_id": "CVE-2026-5121", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-5121" }, { "reference_url": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc", "reference_id": "GHSA-2vwv-vqpv-v8vc", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://github.com/advisories/GHSA-2vwv-vqpv-v8vc" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10097", "reference_id": "RHSA-2026:10097", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:10097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:11768", "reference_id": "RHSA-2026:11768", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:11768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12071", "reference_id": "RHSA-2026:12071", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:12071" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12274", "reference_id": "RHSA-2026:12274", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:12274" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:13812", "reference_id": "RHSA-2026:13812", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:13812" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14773", "reference_id": "RHSA-2026:14773", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:14773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14937", "reference_id": "RHSA-2026:14937", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:14937" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15087", "reference_id": "RHSA-2026:15087", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:15087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16008", "reference_id": "RHSA-2026:16008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16009", "reference_id": "RHSA-2026:16009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16030", "reference_id": "RHSA-2026:16030", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16030" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17596", "reference_id": "RHSA-2026:17596", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:17596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19724", "reference_id": "RHSA-2026:19724", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:19724" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19725", "reference_id": "RHSA-2026:19725", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:19725" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:20040", "reference_id": "RHSA-2026:20040", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:20040" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:21690", "reference_id": "RHSA-2026:21690", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:21690" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8510", "reference_id": "RHSA-2026:8510", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8510" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8517", "reference_id": "RHSA-2026:8517", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8521", "reference_id": "RHSA-2026:8521", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8521" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8534", "reference_id": "RHSA-2026:8534", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8864", "reference_id": "RHSA-2026:8864", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8864" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8866", "reference_id": "RHSA-2026:8866", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8866" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8867", "reference_id": "RHSA-2026:8867", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8867" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8873", "reference_id": "RHSA-2026:8873", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8908", "reference_id": "RHSA-2026:8908", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8908" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8944", "reference_id": "RHSA-2026:8944", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9026", "reference_id": "RHSA-2026:9026", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:9026" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9592", "reference_id": "RHSA-2026:9592", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:9592" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9832", "reference_id": "RHSA-2026:9832", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2026-03-31T03:55:34Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:9832" }, { "reference_url": "https://usn.ubuntu.com/8292-1/", "reference_id": "USN-8292-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8292-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-5121" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d7x6-bkm5-nbbb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75483?format=api", "vulnerability_id": "VCID-ds4r-cxqd-33c4", "summary": "libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0229", "scoring_system": "epss", "scoring_elements": "0.85005", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0229", "scoring_system": "epss", "scoring_elements": "0.85029", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0229", "scoring_system": "epss", "scoring_elements": "0.85018", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0229", "scoring_system": "epss", "scoring_elements": "0.85033", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0229", "scoring_system": "epss", "scoring_elements": "0.85028", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489852", "reference_id": "1489852", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1489852" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874539", "reference_id": "874539", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874539" }, { "reference_url": "https://security.gentoo.org/glsa/201908-11", "reference_id": "GLSA-201908-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-11" }, { "reference_url": "https://usn.ubuntu.com/3736-1/", "reference_id": "USN-3736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2017-14166" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ds4r-cxqd-33c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75480?format=api", "vulnerability_id": "VCID-eah1-4b6g-2ban", "summary": "Stack-based buffer overflow in the safe_fprintf function in tar/util.c in libarchive 3.2.1 allows remote attackers to cause a denial of service via a crafted non-printable multibyte character in a filename.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8687.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8687.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8687", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01379", "scoring_system": "epss", "scoring_elements": "0.80601", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01379", "scoring_system": "epss", "scoring_elements": "0.80642", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01379", "scoring_system": "epss", "scoring_elements": "0.80626", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01379", "scoring_system": "epss", "scoring_elements": "0.80623", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01379", "scoring_system": "epss", "scoring_elements": "0.80627", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01379", "scoring_system": "epss", "scoring_elements": "0.80629", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8687" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8687" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" }, { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377926", "reference_id": "1377926", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377926" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840936", "reference_id": "840936", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840936" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-8687" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eah1-4b6g-2ban" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75484?format=api", "vulnerability_id": "VCID-g4hd-5kt2-wuc1", "summary": "An out-of-bounds read flaw exists in parse_file_info in archive_read_support_format_iso9660.c in libarchive 3.3.2 when extracting a specially crafted iso9660 iso file, related to archive_read_format_iso9660_read_header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14501.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14501.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00611", "scoring_system": "epss", "scoring_elements": "0.7019", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00611", "scoring_system": "epss", "scoring_elements": "0.70235", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00611", "scoring_system": "epss", "scoring_elements": "0.70224", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00611", "scoring_system": "epss", "scoring_elements": "0.70212", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00611", "scoring_system": "epss", "scoring_elements": "0.70233", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00611", "scoring_system": "epss", "scoring_elements": "0.70241", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494460", "reference_id": "1494460", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494460" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875966", "reference_id": "875966", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875966" }, { "reference_url": "https://security.gentoo.org/glsa/201908-11", "reference_id": "GLSA-201908-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-11" }, { "reference_url": "https://usn.ubuntu.com/3736-1/", "reference_id": "USN-3736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2017-14501" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4hd-5kt2-wuc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75470?format=api", "vulnerability_id": "VCID-g5gx-6cyn-wkda", "summary": "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88316", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88301", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05224", "scoring_system": "epss", "scoring_elements": "0.90135", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05224", "scoring_system": "epss", "scoring_elements": "0.90134", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05224", "scoring_system": "epss", "scoring_elements": "0.90132", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05224", "scoring_system": "epss", "scoring_elements": "0.90119", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601", "reference_id": "1362601", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714", "reference_id": "837714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1852", "reference_id": "RHSA-2016:1852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1853", "reference_id": "RHSA-2016:1853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1853" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-5418" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5gx-6cyn-wkda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6189?format=api", "vulnerability_id": "VCID-gu6c-aam9-9bfs", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000877.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000877.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01775", "scoring_system": "epss", "scoring_elements": "0.83045", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01775", "scoring_system": "epss", "scoring_elements": "0.83022", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01775", "scoring_system": "epss", "scoring_elements": "0.83037", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01775", "scoring_system": "epss", "scoring_elements": "0.83049", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663887", "reference_id": "1663887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663887" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916964", "reference_id": "916964", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916964" }, { "reference_url": "https://security.archlinux.org/ASA-201906-21", "reference_id": "ASA-201906-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-21" }, { "reference_url": "https://security.archlinux.org/AVG-837", "reference_id": "AVG-837", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2298", "reference_id": "RHSA-2019:2298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3698", "reference_id": "RHSA-2019:3698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3698" }, { "reference_url": "https://usn.ubuntu.com/3859-1/", "reference_id": "USN-3859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2018-1000877" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gu6c-aam9-9bfs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75428?format=api", "vulnerability_id": "VCID-gudt-ehk8-4uf4", "summary": "bsdcpio in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read and crash) via crafted cpio file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8915.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.6217", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.6216", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62162", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62113", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62158", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00418", "scoring_system": "epss", "scoring_elements": "0.62143", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8915" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8915", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8915" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216891", "reference_id": "1216891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1216891" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784213", "reference_id": "784213", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784213" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8915" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gudt-ehk8-4uf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6185?format=api", "vulnerability_id": "VCID-gue4-gwmq-cud9", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1000019.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-1000019.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1000019", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.83135", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.83162", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.83156", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.8315", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.8316", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01801", "scoring_system": "epss", "scoring_elements": "0.83161", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-1000019" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000019", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1000019" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672892", "reference_id": "1672892", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1672892" }, { "reference_url": "https://security.archlinux.org/ASA-201906-21", "reference_id": "ASA-201906-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-21" }, { "reference_url": "https://security.archlinux.org/AVG-837", "reference_id": "AVG-837", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2298", "reference_id": "RHSA-2019:2298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3698", "reference_id": "RHSA-2019:3698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3698" }, { "reference_url": "https://usn.ubuntu.com/3884-1/", "reference_id": "USN-3884-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3884-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2019-1000019" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gue4-gwmq-cud9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75438?format=api", "vulnerability_id": "VCID-her3-2ts6-tqcy", "summary": "The process_extra function in libarchive before 3.2.0 uses the size field and a signed number in an offset, which allows remote attackers to cause a denial of service (crash) via a crafted zip file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84781", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84805", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84809", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84803", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84792", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02215", "scoring_system": "epss", "scoring_elements": "0.84806", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348773", "reference_id": "1348773", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348773" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8923" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-her3-2ts6-tqcy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75487?format=api", "vulnerability_id": "VCID-hg9d-v158-mkc1", "summary": "An error in the lha_read_file_header_1() function (archive_read_support_format_lha.c) in libarchive 3.2.2 allows remote attackers to trigger an out-of-bounds read memory access and subsequently cause a crash via a specially crafted archive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5601.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5601.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5601", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00982", "scoring_system": "epss", "scoring_elements": "0.77129", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00982", "scoring_system": "epss", "scoring_elements": "0.77171", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00982", "scoring_system": "epss", "scoring_elements": "0.77159", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00982", "scoring_system": "epss", "scoring_elements": "0.77149", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00982", "scoring_system": "epss", "scoring_elements": "0.7716", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00982", "scoring_system": "epss", "scoring_elements": "0.7717", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5601" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417912", "reference_id": "1417912", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1417912" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278", "reference_id": "853278", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=853278" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2017-5601" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hg9d-v158-mkc1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75446?format=api", "vulnerability_id": "VCID-hxfa-y27q-ebbd", "summary": "Multiple integer overflows in the (1) get_time_t_max and (2) get_time_t_min functions in archive_read_support_format_mtree.c in libarchive before 3.2.0 allow remote attackers to have unspecified impact via a crafted mtree file, which triggers undefined behavior.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8931.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8931.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50498", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50559", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50567", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50547", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50517", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00268", "scoring_system": "epss", "scoring_elements": "0.50534", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348779", "reference_id": "1348779", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348779" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8931" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hxfa-y27q-ebbd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6187?format=api", "vulnerability_id": "VCID-jpyc-ymx3-uuhh", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000879.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000879.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000879", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72163", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72203", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.7219", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72177", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72204", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00689", "scoring_system": "epss", "scoring_elements": "0.72211", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000879" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000879", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000879" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663890", "reference_id": "1663890", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663890" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916962", "reference_id": "916962", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916962" }, { "reference_url": "https://security.archlinux.org/ASA-201906-21", "reference_id": "ASA-201906-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-21" }, { "reference_url": "https://security.archlinux.org/AVG-837", "reference_id": "AVG-837", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-837" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2018-1000879" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jpyc-ymx3-uuhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6188?format=api", "vulnerability_id": "VCID-k2jw-vx9c-1bg3", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000878.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000878.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0171", "scoring_system": "epss", "scoring_elements": "0.82673", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0171", "scoring_system": "epss", "scoring_elements": "0.82703", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.0171", "scoring_system": "epss", "scoring_elements": "0.82697", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0171", "scoring_system": "epss", "scoring_elements": "0.82691", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0171", "scoring_system": "epss", "scoring_elements": "0.82701", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0171", "scoring_system": "epss", "scoring_elements": "0.82699", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663889", "reference_id": "1663889", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663889" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916963", "reference_id": "916963", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916963" }, { "reference_url": "https://security.archlinux.org/ASA-201906-21", "reference_id": "ASA-201906-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-21" }, { "reference_url": "https://security.archlinux.org/AVG-837", "reference_id": "AVG-837", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2298", "reference_id": "RHSA-2019:2298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3698", "reference_id": "RHSA-2019:3698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3698" }, { "reference_url": "https://usn.ubuntu.com/3859-1/", "reference_id": "USN-3859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2018-1000878" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2jw-vx9c-1bg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75537?format=api", "vulnerability_id": "VCID-k366-b845-abfj", "summary": "A vulnerability has been identified in the libarchive library. This flaw can be triggered when file streams are piped into bsdtar, potentially allowing for reading past the end of the file. This out-of-bounds read can lead to unintended consequences, including unpredictable program behavior, memory corruption, or a denial-of-service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5918.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5918.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5918", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29499", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29589", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29551", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29518", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29486", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-5918" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-5918" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107624", "reference_id": "1107624", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1107624" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370877", "reference_id": "2370877", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:05Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2370877" }, { "reference_url": "https://github.com/libarchive/libarchive/pull/2584", "reference_id": "2584", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:05Z/" } ], "url": "https://github.com/libarchive/libarchive/pull/2584" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-5918", "reference_id": "CVE-2025-5918", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:05Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2025-5918" }, { "reference_url": "https://usn.ubuntu.com/8147-1/", "reference_id": "USN-8147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8147-1/" }, { "reference_url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0", "reference_id": "v3.8.0", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-10T13:44:05Z/" } ], "url": "https://github.com/libarchive/libarchive/releases/tag/v3.8.0" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2025-5918" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k366-b845-abfj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75482?format=api", "vulnerability_id": "VCID-kgdg-2t87-e7by", "summary": "The read_Header function in archive_read_support_format_7zip.c in libarchive 3.2.1 allows remote attackers to cause a denial of service (out-of-bounds read) via multiple EmptyStream attributes in a header in a 7zip archive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8689.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8689.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8689", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01118", "scoring_system": "epss", "scoring_elements": "0.78563", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01118", "scoring_system": "epss", "scoring_elements": "0.78589", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01118", "scoring_system": "epss", "scoring_elements": "0.78597", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01118", "scoring_system": "epss", "scoring_elements": "0.78588", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01118", "scoring_system": "epss", "scoring_elements": "0.78576", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01118", "scoring_system": "epss", "scoring_elements": "0.78594", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8689" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8689" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377925", "reference_id": "1377925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377925" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840934", "reference_id": "840934", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840934" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-8689" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kgdg-2t87-e7by" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75431?format=api", "vulnerability_id": "VCID-mag5-4n4u-37en", "summary": "bsdtar in libarchive before 3.2.0 returns a success code without filling the entry when the header is a \"split file in multivolume RAR,\" which allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted rar file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00973", "scoring_system": "epss", "scoring_elements": "0.77011", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00973", "scoring_system": "epss", "scoring_elements": "0.77044", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00973", "scoring_system": "epss", "scoring_elements": "0.77053", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00973", "scoring_system": "epss", "scoring_elements": "0.77041", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00973", "scoring_system": "epss", "scoring_elements": "0.77031", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00973", "scoring_system": "epss", "scoring_elements": "0.77052", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348412", "reference_id": "1348412", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348412" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8916" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mag5-4n4u-37en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75481?format=api", "vulnerability_id": "VCID-mtev-kqrn-hybv", "summary": "The mtree bidder in libarchive 3.2.1 does not keep track of line sizes when extending the read-ahead, which allows remote attackers to cause a denial of service (crash) via a crafted file, which triggers an invalid read in the (1) detect_form or (2) bid_entry function in libarchive/archive_read_support_format_mtree.c.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8688.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8688.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8688", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45439", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45508", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45511", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45491", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45466", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00226", "scoring_system": "epss", "scoring_elements": "0.45479", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8688" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8688" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377923", "reference_id": "1377923", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1377923" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840935", "reference_id": "840935", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=840935" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-8688" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtev-kqrn-hybv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75441?format=api", "vulnerability_id": "VCID-n336-t2eq-e3cs", "summary": "The archive_read_format_rar_read_data function in archive_read_support_format_rar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted rar archive.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8926.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8926.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61598", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61646", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61653", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61642", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61626", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00409", "scoring_system": "epss", "scoring_elements": "0.61644", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348424", "reference_id": "1348424", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348424" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8926" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n336-t2eq-e3cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75442?format=api", "vulnerability_id": "VCID-n352-9wrh-rqgc", "summary": "The trad_enc_decrypt_update function in archive_read_support_format_zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds heap read and crash) via a crafted zip file, related to reading the password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44851", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.4492", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44927", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44906", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44877", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00222", "scoring_system": "epss", "scoring_elements": "0.44888", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8927" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348426", "reference_id": "1348426", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348426" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8927" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n352-9wrh-rqgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6186?format=api", "vulnerability_id": "VCID-n56c-gd3f-1ba1", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000880.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000880.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67859", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67897", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67895", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67882", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67898", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00537", "scoring_system": "epss", "scoring_elements": "0.67905", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000880" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663892", "reference_id": "1663892", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1663892" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916960", "reference_id": "916960", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=916960" }, { "reference_url": "https://security.archlinux.org/ASA-201906-21", "reference_id": "ASA-201906-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201906-21" }, { "reference_url": "https://security.archlinux.org/AVG-837", "reference_id": "AVG-837", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-837" }, { "reference_url": "https://usn.ubuntu.com/3859-1/", "reference_id": "USN-3859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2018-1000880" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n56c-gd3f-1ba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42792?format=api", "vulnerability_id": "VCID-nrdr-yd3k-sybt", "summary": "Out-of-bounds Read\nLibarchive v3.6.0 was discovered to contain an out-of-bounds read via the component zipx_lzma_alone_init.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26280.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26280.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26280", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.30874", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.30941", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.30909", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.30875", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.30843", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00122", "scoring_system": "epss", "scoring_elements": "0.30862", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26280" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26280", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26280" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libarchive/libarchive/issues/1672", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libarchive/libarchive/issues/1672" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008953", "reference_id": "1008953", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1008953" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071931", "reference_id": "2071931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2071931" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26280", "reference_id": "CVE-2022-26280", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26280" }, { "reference_url": "https://security.gentoo.org/glsa/202208-26", "reference_id": "GLSA-202208-26", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5252", "reference_id": "RHSA-2022:5252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5252" }, { "reference_url": "https://usn.ubuntu.com/5374-1/", "reference_id": "USN-5374-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5374-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2022-26280" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nrdr-yd3k-sybt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75447?format=api", "vulnerability_id": "VCID-ntqh-jfsf-a7hy", "summary": "The compress_bidder_init function in archive_read_support_filter_compress.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file, which triggers an invalid left shift.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8932.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8932.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68712", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68752", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68756", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.6876", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00562", "scoring_system": "epss", "scoring_elements": "0.68736", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348780", "reference_id": "1348780", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348780" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8932" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ntqh-jfsf-a7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75486?format=api", "vulnerability_id": "VCID-pbqy-fdhh-83ea", "summary": "libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_format_lha.c when extracting a specially crafted lha archive, related to lha_crc16.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14503.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14503.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71552", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71583", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71578", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71563", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71596", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00662", "scoring_system": "epss", "scoring_elements": "0.71602", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494449", "reference_id": "1494449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494449" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875960", "reference_id": "875960", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875960" }, { "reference_url": "https://security.gentoo.org/glsa/201908-11", "reference_id": "GLSA-201908-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-11" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2298", "reference_id": "RHSA-2019:2298", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2298" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3698", "reference_id": "RHSA-2019:3698", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3698" }, { "reference_url": "https://usn.ubuntu.com/3736-1/", "reference_id": "USN-3736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2017-14503" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pbqy-fdhh-83ea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75439?format=api", "vulnerability_id": "VCID-pusd-k7nk-tbfc", "summary": "The archive_read_format_tar_read_header function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted tar file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8924.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8924.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55854", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.5591", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55917", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55904", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55887", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00326", "scoring_system": "epss", "scoring_elements": "0.55908", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348421", "reference_id": "1348421", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348421" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8924" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pusd-k7nk-tbfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75485?format=api", "vulnerability_id": "VCID-qbww-6cd7-gyb8", "summary": "read_header in archive_read_support_format_rar.c in libarchive 3.3.2 suffers from an off-by-one error for UTF-16 names in RAR archives, leading to an out-of-bounds read in archive_read_format_rar_read_header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14502.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.79181", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.79193", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.79212", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.79204", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01191", "scoring_system": "epss", "scoring_elements": "0.79207", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494463", "reference_id": "1494463", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1494463" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875974", "reference_id": "875974", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875974" }, { "reference_url": "https://security.gentoo.org/glsa/201908-11", "reference_id": "GLSA-201908-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-11" }, { "reference_url": "https://usn.ubuntu.com/3859-1/", "reference_id": "USN-3859-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3859-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2017-14502" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qbww-6cd7-gyb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75448?format=api", "vulnerability_id": "VCID-qcu6-e115-mfh5", "summary": "Integer overflow in the archive_read_format_tar_skip function in archive_read_support_format_tar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (crash) via a crafted tar file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8933.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8933.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54513", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54571", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.5455", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.5458", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00311", "scoring_system": "epss", "scoring_elements": "0.54572", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348781", "reference_id": "1348781", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348781" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8933" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qcu6-e115-mfh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/64803?format=api", "vulnerability_id": "VCID-qfaz-th5k-u3f3", "summary": "libarchive: libarchive: Denial of Service via malformed ISO file processing", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4426.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4426.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4426", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40057", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40093", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40096", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.40068", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00185", "scoring_system": "epss", "scoring_elements": "0.4004", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4426" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4426", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4426" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131444", "reference_id": "1131444", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1131444" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449010", "reference_id": "2449010", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:19:10Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2449010" }, { "reference_url": "https://github.com/libarchive/libarchive/pull/2897", "reference_id": "2897", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:19:10Z/" } ], "url": "https://github.com/libarchive/libarchive/pull/2897" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4", "reference_id": "cpe:/a:redhat:openshift:4", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10", "reference_id": "cpe:/o:redhat:enterprise_linux:10", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9", "reference_id": "cpe:/o:redhat:enterprise_linux:9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4426", "reference_id": "CVE-2026-4426", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:19:10Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4426" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8944", "reference_id": "RHSA-2026:8944", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-20T15:19:10Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8944" }, { "reference_url": "https://usn.ubuntu.com/8292-1/", "reference_id": "USN-8292-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8292-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-4426" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qfaz-th5k-u3f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75509?format=api", "vulnerability_id": "VCID-tmbf-p5xx-nfak", "summary": "An improper link resolution flaw while extracting an archive can lead to changing the access control list (ACL) of the target of the link. An attacker may provide a malicious archive to a victim user, who would trigger this flaw when trying to extract the archive. A local attacker may use this flaw to change the ACL of a file on the system and gain more privileges.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23177.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.1305", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13129", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13132", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13092", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13004", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00042", "scoring_system": "epss", "scoring_elements": "0.13035", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23177" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libarchive/libarchive/commit/fba4f123cc456d2b2538f811bb831483bf336bad" }, { "reference_url": "https://github.com/libarchive/libarchive/issues/1565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libarchive/libarchive/issues/1565" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001986", "reference_id": "1001986", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001986" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024245", "reference_id": "2024245", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024245" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-23177", "reference_id": "CVE-2021-23177", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2021-23177" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23177", "reference_id": "CVE-2021-23177", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23177" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0892", "reference_id": "RHSA-2022:0892", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0892" }, { "reference_url": "https://usn.ubuntu.com/5291-1/", "reference_id": "USN-5291-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5291-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196099?format=api", "purl": "pkg:deb/debian/libarchive@3.4.3-2%2Bdeb11u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-evkf-vrqz-kkca" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.4.3-2%252Bdeb11u1" } ], "aliases": [ "CVE-2021-23177" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tmbf-p5xx-nfak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75435?format=api", "vulnerability_id": "VCID-vsfx-3gzq-1qhv", "summary": "The _ar_read_header function in archive_read_support_format_ar.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds stack read) via a crafted ar file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8920.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8920.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68546", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68588", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68596", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68589", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68574", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00557", "scoring_system": "epss", "scoring_elements": "0.68592", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348416", "reference_id": "1348416", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348416" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8920" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vsfx-3gzq-1qhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75436?format=api", "vulnerability_id": "VCID-wqbs-kff4-1qc3", "summary": "The ae_strtofflags function in archive_entry.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted mtree file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8921.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8921.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04252", "scoring_system": "epss", "scoring_elements": "0.88994", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04252", "scoring_system": "epss", "scoring_elements": "0.89011", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.04252", "scoring_system": "epss", "scoring_elements": "0.89012", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04252", "scoring_system": "epss", "scoring_elements": "0.89028", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348772", "reference_id": "1348772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348772" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8921" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqbs-kff4-1qc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75432?format=api", "vulnerability_id": "VCID-wwkh-5ser-f7hq", "summary": "bsdtar in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an invalid character in the name of a cab file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8917.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8917.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05663", "scoring_system": "epss", "scoring_elements": "0.90536", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05663", "scoring_system": "epss", "scoring_elements": "0.9055", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05663", "scoring_system": "epss", "scoring_elements": "0.90551", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05663", "scoring_system": "epss", "scoring_elements": "0.90548", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05663", "scoring_system": "epss", "scoring_elements": "0.90547", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05663", "scoring_system": "epss", "scoring_elements": "0.90564", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348413", "reference_id": "1348413", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348413" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8917" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wwkh-5ser-f7hq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75513?format=api", "vulnerability_id": "VCID-x436-na6m-ubd9", "summary": "Windows libarchive Remote Code Execution Vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20696.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-20696.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20696", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07709", "scoring_system": "epss", "scoring_elements": "0.9209", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.07709", "scoring_system": "epss", "scoring_elements": "0.92077", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07709", "scoring_system": "epss", "scoring_elements": "0.92075", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.07709", "scoring_system": "epss", "scoring_elements": "0.92076", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.07709", "scoring_system": "epss", "scoring_elements": "0.9208", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-20696" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20696" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086155", "reference_id": "1086155", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086155" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290448", "reference_id": "2290448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2290448" }, { "reference_url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696", "reference_id": "CVE-2024-20696", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-10T18:52:38Z/" } ], "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-20696" }, { "reference_url": "https://usn.ubuntu.com/7087-1/", "reference_id": "USN-7087-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7087-1/" }, { "reference_url": "https://usn.ubuntu.com/8147-1/", "reference_id": "USN-8147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8147-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2024-20696" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x436-na6m-ubd9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75461?format=api", "vulnerability_id": "VCID-xw2b-7t64-z3bm", "summary": "Integer overflow in the read_SubStreamsInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a 7zip file with a large number of substreams, which triggers a heap-based buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4300.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78425", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78453", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78461", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78451", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78439", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01105", "scoring_system": "epss", "scoring_elements": "0.78457", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348439", "reference_id": "1348439", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348439" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-4300" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw2b-7t64-z3bm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75440?format=api", "vulnerability_id": "VCID-xybq-93sp-qker", "summary": "The readline function in archive_read_support_format_mtree.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (invalid read) via a crafted mtree file, related to newline parsing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8925.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8925.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66584", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66624", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66631", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66617", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66602", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66619", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348423", "reference_id": "1348423", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348423" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8925" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xybq-93sp-qker" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75452?format=api", "vulnerability_id": "VCID-y61v-j3s4-qycm", "summary": "The archive_wstring_append_from_mbs function in archive_string.c in libarchive 3.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted archive file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10209.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10209.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74336", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74369", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74374", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74362", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74344", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.7437", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439703", "reference_id": "1439703", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1439703" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859456", "reference_id": "859456", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=859456" }, { "reference_url": "https://usn.ubuntu.com/3736-1/", "reference_id": "USN-3736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2016-10209" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y61v-j3s4-qycm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75437?format=api", "vulnerability_id": "VCID-y7z2-cxzp-6fbz", "summary": "The read_CodersInfo function in archive_read_support_format_7zip.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a crafted 7z file, related to the _7z_folder struct.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60045", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60092", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60095", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60083", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60066", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00385", "scoring_system": "epss", "scoring_elements": "0.60084", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348419", "reference_id": "1348419", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348419" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8922" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y7z2-cxzp-6fbz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75444?format=api", "vulnerability_id": "VCID-yn2q-9svn-vucq", "summary": "Memory leak in the __archive_read_get_extract function in archive_read_extract2.c in libarchive before 3.2.0 allows remote attackers to cause a denial of service via a tar file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8929.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8929.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48865", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48927", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48935", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48917", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48887", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00254", "scoring_system": "epss", "scoring_elements": "0.48901", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8929" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348771", "reference_id": "1348771", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348771" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2015-8929" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yn2q-9svn-vucq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65108?format=api", "vulnerability_id": "VCID-yr95-zhhd-sfet", "summary": "libarchive: Infinite Loop Denial of Service in RAR5 Decompression via archive_read_data() in libarchive", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4111.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4111.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11287", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11394", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1139", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11355", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11272", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4111" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4111" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130753", "reference_id": "1130753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130753" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453", "reference_id": "2446453", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446453" }, { "reference_url": "https://github.com/libarchive/libarchive/pull/2877", "reference_id": "2877", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://github.com/libarchive/libarchive/pull/2877" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9", "reference_id": "cpe:/a:redhat:ai_inference_server:3.3::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ai_inference_server:3.3::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9", "reference_id": "cpe:/a:redhat:discovery:2::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:discovery:2::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream", "reference_id": "cpe:/a:redhat:enterprise_linux:9::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1", "reference_id": "cpe:/a:redhat:hummingbird:1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:hummingbird:1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9", "reference_id": "cpe:/a:redhat:insights_proxy:1.5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:insights_proxy:1.5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9", "reference_id": "cpe:/a:redhat:openshift:4.13::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.13::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9", "reference_id": "cpe:/a:redhat:openshift:4.14::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.14::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9", "reference_id": "cpe:/a:redhat:openshift:4.15::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.15::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9", "reference_id": "cpe:/a:redhat:openshift:4.16::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.16::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9", "reference_id": "cpe:/a:redhat:openshift:4.17::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.17::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9", "reference_id": "cpe:/a:redhat:openshift:4.18::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.18::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9", "reference_id": "cpe:/a:redhat:openshift:4.19::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:openshift:4.19::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.0::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.0::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_id": "cpe:/a:redhat:rhel_e4s:9.2::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_e4s:9.2::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb", "reference_id": "cpe:/a:redhat:rhel_eus:9.4::crb", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.4::crb" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_id": "cpe:/a:redhat:rhel_eus:9.6::appstream", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhel_eus:9.6::appstream" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9", "reference_id": "cpe:/a:redhat:rhui:5::el9", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:5::el9" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1", "reference_id": "cpe:/o:redhat:enterprise_linux:10.1", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:10.1" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6", "reference_id": "cpe:/o:redhat:enterprise_linux:6", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:6" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7", "reference_id": "cpe:/o:redhat:enterprise_linux:7", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8", "reference_id": "cpe:/o:redhat:enterprise_linux:8", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos", "reference_id": "cpe:/o:redhat:enterprise_linux:9::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_id": "cpe:/o:redhat:enterprise_linux_eus:10.0", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux_eus:10.0" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.0::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.0::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_id": "cpe:/o:redhat:rhel_e4s:9.2::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_e4s:9.2::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.4::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.4::baseos" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_id": "cpe:/o:redhat:rhel_eus:9.6::baseos", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:rhel_eus:9.6::baseos" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2026-4111", "reference_id": "CVE-2026-4111", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/security/cve/CVE-2026-4111" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10065", "reference_id": "RHSA-2026:10065", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:10065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10081", "reference_id": "RHSA-2026:10081", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:10081" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:10097", "reference_id": "RHSA-2026:10097", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:10097" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:14773", "reference_id": "RHSA-2026:14773", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:14773" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:15087", "reference_id": "RHSA-2026:15087", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:15087" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16008", "reference_id": "RHSA-2026:16008", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16008" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16009", "reference_id": "RHSA-2026:16009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16009" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:16174", "reference_id": "RHSA-2026:16174", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:16174" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:17596", "reference_id": "RHSA-2026:17596", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:17596" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5063", "reference_id": "RHSA-2026:5063", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:5080", "reference_id": "RHSA-2026:5080", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:5080" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6647", "reference_id": "RHSA-2026:6647", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:6647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7093", "reference_id": "RHSA-2026:7093", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7105", "reference_id": "RHSA-2026:7105", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7106", "reference_id": "RHSA-2026:7106", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7239", "reference_id": "RHSA-2026:7239", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7329", "reference_id": "RHSA-2026:7329", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7329" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:7335", "reference_id": "RHSA-2026:7335", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:7335" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8423", "reference_id": "RHSA-2026:8423", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8746", "reference_id": "RHSA-2026:8746", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8747", "reference_id": "RHSA-2026:8747", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8747" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8748", "reference_id": "RHSA-2026:8748", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8748" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8865", "reference_id": "RHSA-2026:8865", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:8944", "reference_id": "RHSA-2026:8944", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:8944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:9832", "reference_id": "RHSA-2026:9832", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-13T13:36:13Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2026:9832" }, { "reference_url": "https://usn.ubuntu.com/8147-1/", "reference_id": "USN-8147-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8147-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2026-4111" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yr95-zhhd-sfet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75463?format=api", "vulnerability_id": "VCID-ywea-zfv7-5baz", "summary": "Stack-based buffer overflow in the parse_device function in archive_read_support_format_mtree.c in libarchive before 3.2.1 allows remote attackers to execute arbitrary code via a crafted mtree file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01847", "scoring_system": "epss", "scoring_elements": "0.83335", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01847", "scoring_system": "epss", "scoring_elements": "0.8336", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01847", "scoring_system": "epss", "scoring_elements": "0.83362", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01847", "scoring_system": "epss", "scoring_elements": "0.83358", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01847", "scoring_system": "epss", "scoring_elements": "0.83351", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01847", "scoring_system": "epss", "scoring_elements": "0.83364", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4301" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441", "reference_id": "1348441", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1348441" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-4301" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ywea-zfv7-5baz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75453?format=api", "vulnerability_id": "VCID-zd9y-zkbr-dubv", "summary": "The archive_le32dec function in archive_endian.h in libarchive 3.2.2 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10349.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-10349.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00945", "scoring_system": "epss", "scoring_elements": "0.76663", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00945", "scoring_system": "epss", "scoring_elements": "0.76692", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00945", "scoring_system": "epss", "scoring_elements": "0.76677", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00945", "scoring_system": "epss", "scoring_elements": "0.76699", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00945", "scoring_system": "epss", "scoring_elements": "0.76687", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10209" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10350" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14501" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14503" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000878" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000880" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449528", "reference_id": "1449528", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1449528" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861609", "reference_id": "861609", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=861609" }, { "reference_url": "https://security.gentoo.org/glsa/201710-19", "reference_id": "GLSA-201710-19", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-19" }, { "reference_url": "https://usn.ubuntu.com/3736-1/", "reference_id": "USN-3736-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3736-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" }, { "url": "http://public2.vulnerablecode.io/api/packages/5592?format=api", "purl": "pkg:deb/debian/libarchive@3.3.3-4%2Bdeb10u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.3.3-4%252Bdeb10u1" } ], "aliases": [ "CVE-2016-10349" ], "risk_score": 1.5, "exploitability": "0.5", "weighted_severity": "3.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zd9y-zkbr-dubv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75512?format=api", "vulnerability_id": "VCID-zgpe-j255-5yct", "summary": "In libarchive before 3.6.2, the software does not check for an error after calling calloc function that can return with a NULL pointer if the function fails, which leads to a resultant NULL pointer dereference. NOTE: the discoverer cites this CWE-476 remark but third parties dispute the code-execution impact: \"In rare circumstances, when NULL is equivalent to the 0x0 memory address and privileged code can access it, then writing or reading memory is possible, which may lead to code execution.\"", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36227.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68347", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68389", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68373", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68396", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00551", "scoring_system": "epss", "scoring_elements": "0.68388", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36227" }, { "reference_url": "https://bugs.gentoo.org/882521", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/882521" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36227" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/libarchive/libarchive/issues/1754", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/libarchive/libarchive/issues/1754" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024669", "reference_id": "1024669", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1024669" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144972", "reference_id": "2144972", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2144972" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36227", "reference_id": "CVE-2022-36227", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36227" }, { "reference_url": "https://security.gentoo.org/glsa/202309-14", "reference_id": "GLSA-202309-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202309-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2532", "reference_id": "RHSA-2023:2532", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2532" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3018", "reference_id": "RHSA-2023:3018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0146", "reference_id": "RHSA-2024:0146", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0146" }, { "reference_url": "https://usn.ubuntu.com/7070-1/", "reference_id": "USN-7070-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7070-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/196100?format=api", "purl": "pkg:deb/debian/libarchive@3.6.2-1%2Bdeb12u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1pp8-5uev-z7b4" }, { "vulnerability": "VCID-9uqp-6xsc-g7c1" }, { "vulnerability": "VCID-evkf-vrqz-kkca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.6.2-1%252Bdeb12u4" } ], "aliases": [ "CVE-2022-36227" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgpe-j255-5yct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75473?format=api", "vulnerability_id": "VCID-zydt-8bwa-37bw", "summary": "Integer overflow in the ISO parser in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) via a crafted ISO file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01438", "scoring_system": "epss", "scoring_elements": "0.81051", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01438", "scoring_system": "epss", "scoring_elements": "0.81079", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01438", "scoring_system": "epss", "scoring_elements": "0.81084", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01438", "scoring_system": "epss", "scoring_elements": "0.8108", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01438", "scoring_system": "epss", "scoring_elements": "0.81076", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01438", "scoring_system": "epss", "scoring_elements": "0.81094", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8916" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8917" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8919" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8921" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8922" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8923" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8924" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8925" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8926" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8928" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8930" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8931" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8932" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8933" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4300" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4809" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5844" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350280", "reference_id": "1350280", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1350280" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://usn.ubuntu.com/3033-1/", "reference_id": "USN-3033-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3033-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-5844" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zydt-8bwa-37bw" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75478?format=api", "vulnerability_id": "VCID-3b8j-qwkk-7yem", "summary": "libarchive before 3.2.0 does not limit the number of recursive decompressions, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted gzip file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7166.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-7166.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7166", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58628", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58675", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58659", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58682", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.58674", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-7166" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347086", "reference_id": "1347086", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347086" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4992?format=api", "purl": "pkg:deb/debian/libarchive@3.1.2-11%2Bdeb8u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2ft9-vcef-dkau" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3b8j-qwkk-7yem" }, { "vulnerability": "VCID-3cwa-fj97-mue9" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4hvy-whmq-53ft" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-5rvq-dzxr-ckb7" }, { "vulnerability": "VCID-5tcn-ytvt-23bk" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-8mvg-64ae-37b7" }, { "vulnerability": "VCID-at9e-fmp1-efcy" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-cny6-pqmg-kba4" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-eah1-4b6g-2ban" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-g5gx-6cyn-wkda" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gudt-ehk8-4uf4" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-her3-2ts6-tqcy" }, { "vulnerability": "VCID-hg9d-v158-mkc1" }, { "vulnerability": "VCID-hxfa-y27q-ebbd" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-kgdg-2t87-e7by" }, { "vulnerability": "VCID-mag5-4n4u-37en" }, { "vulnerability": "VCID-mtev-kqrn-hybv" }, { "vulnerability": "VCID-n336-t2eq-e3cs" }, { "vulnerability": "VCID-n352-9wrh-rqgc" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-ntqh-jfsf-a7hy" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-pusd-k7nk-tbfc" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qcu6-e115-mfh5" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-vsfx-3gzq-1qhv" }, { "vulnerability": "VCID-wqbs-kff4-1qc3" }, { "vulnerability": "VCID-wwkh-5ser-f7hq" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-xw2b-7t64-z3bm" }, { "vulnerability": "VCID-xybq-93sp-qker" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-y7z2-cxzp-6fbz" }, { "vulnerability": "VCID-yn2q-9svn-vucq" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-ywea-zfv7-5baz" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" }, { "vulnerability": "VCID-zydt-8bwa-37bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.1.2-11%252Bdeb8u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-7166" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3b8j-qwkk-7yem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75476?format=api", "vulnerability_id": "VCID-cny6-pqmg-kba4", "summary": "Integer overflow in the ISO9660 writer in libarchive before 3.2.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via vectors related to verifying filename lengths when writing an ISO9660 archive, which trigger a buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6250.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6250.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6250", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.86179", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.862", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.86186", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.86203", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02708", "scoring_system": "epss", "scoring_elements": "0.86198", "published_at": "2026-06-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347085", "reference_id": "1347085", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1347085" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4992?format=api", "purl": "pkg:deb/debian/libarchive@3.1.2-11%2Bdeb8u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2ft9-vcef-dkau" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3b8j-qwkk-7yem" }, { "vulnerability": "VCID-3cwa-fj97-mue9" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4hvy-whmq-53ft" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-5rvq-dzxr-ckb7" }, { "vulnerability": "VCID-5tcn-ytvt-23bk" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-8mvg-64ae-37b7" }, { "vulnerability": "VCID-at9e-fmp1-efcy" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-cny6-pqmg-kba4" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-eah1-4b6g-2ban" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-g5gx-6cyn-wkda" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gudt-ehk8-4uf4" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-her3-2ts6-tqcy" }, { "vulnerability": "VCID-hg9d-v158-mkc1" }, { "vulnerability": "VCID-hxfa-y27q-ebbd" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-kgdg-2t87-e7by" }, { "vulnerability": "VCID-mag5-4n4u-37en" }, { "vulnerability": "VCID-mtev-kqrn-hybv" }, { "vulnerability": "VCID-n336-t2eq-e3cs" }, { "vulnerability": "VCID-n352-9wrh-rqgc" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-ntqh-jfsf-a7hy" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-pusd-k7nk-tbfc" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qcu6-e115-mfh5" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-vsfx-3gzq-1qhv" }, { "vulnerability": "VCID-wqbs-kff4-1qc3" }, { "vulnerability": "VCID-wwkh-5ser-f7hq" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-xw2b-7t64-z3bm" }, { "vulnerability": "VCID-xybq-93sp-qker" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-y7z2-cxzp-6fbz" }, { "vulnerability": "VCID-yn2q-9svn-vucq" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-ywea-zfv7-5baz" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" }, { "vulnerability": "VCID-zydt-8bwa-37bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.1.2-11%252Bdeb8u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-6250" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cny6-pqmg-kba4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/75470?format=api", "vulnerability_id": "VCID-g5gx-6cyn-wkda", "summary": "The sandboxing code in libarchive 3.2.0 and earlier mishandles hardlink archive entries of non-zero data size, which might allow remote attackers to write to arbitrary files via a crafted archive file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5418.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5418.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5418", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88316", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.03788", "scoring_system": "epss", "scoring_elements": "0.88301", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05224", "scoring_system": "epss", "scoring_elements": "0.90135", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05224", "scoring_system": "epss", "scoring_elements": "0.90134", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05224", "scoring_system": "epss", "scoring_elements": "0.90132", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05224", "scoring_system": "epss", "scoring_elements": "0.90119", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5418" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-6250" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7166" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:P/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601", "reference_id": "1362601", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1362601" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714", "reference_id": "837714", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=837714" }, { "reference_url": "https://security.gentoo.org/glsa/201701-03", "reference_id": "GLSA-201701-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1844", "reference_id": "RHSA-2016:1844", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1850", "reference_id": "RHSA-2016:1850", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1850" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1852", "reference_id": "RHSA-2016:1852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1853", "reference_id": "RHSA-2016:1853", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1853" }, { "reference_url": "https://usn.ubuntu.com/3225-1/", "reference_id": "USN-3225-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3225-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4992?format=api", "purl": "pkg:deb/debian/libarchive@3.1.2-11%2Bdeb8u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2ft9-vcef-dkau" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3b8j-qwkk-7yem" }, { "vulnerability": "VCID-3cwa-fj97-mue9" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4hvy-whmq-53ft" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-5rvq-dzxr-ckb7" }, { "vulnerability": "VCID-5tcn-ytvt-23bk" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-8mvg-64ae-37b7" }, { "vulnerability": "VCID-at9e-fmp1-efcy" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-cny6-pqmg-kba4" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-eah1-4b6g-2ban" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-g5gx-6cyn-wkda" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gudt-ehk8-4uf4" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-her3-2ts6-tqcy" }, { "vulnerability": "VCID-hg9d-v158-mkc1" }, { "vulnerability": "VCID-hxfa-y27q-ebbd" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-kgdg-2t87-e7by" }, { "vulnerability": "VCID-mag5-4n4u-37en" }, { "vulnerability": "VCID-mtev-kqrn-hybv" }, { "vulnerability": "VCID-n336-t2eq-e3cs" }, { "vulnerability": "VCID-n352-9wrh-rqgc" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-ntqh-jfsf-a7hy" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-pusd-k7nk-tbfc" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qcu6-e115-mfh5" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-vsfx-3gzq-1qhv" }, { "vulnerability": "VCID-wqbs-kff4-1qc3" }, { "vulnerability": "VCID-wwkh-5ser-f7hq" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-xw2b-7t64-z3bm" }, { "vulnerability": "VCID-xybq-93sp-qker" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-y7z2-cxzp-6fbz" }, { "vulnerability": "VCID-yn2q-9svn-vucq" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-ywea-zfv7-5baz" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" }, { "vulnerability": "VCID-zydt-8bwa-37bw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.1.2-11%252Bdeb8u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/4993?format=api", "purl": "pkg:deb/debian/libarchive@3.2.2-2%2Bdeb9u2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1zjd-nfwk-1bhy" }, { "vulnerability": "VCID-24dh-btpb-7yg5" }, { "vulnerability": "VCID-2jra-hgx1-akc2" }, { "vulnerability": "VCID-2kce-56xs-abaz" }, { "vulnerability": "VCID-37wa-xumu-bber" }, { "vulnerability": "VCID-3e6j-4j26-auhz" }, { "vulnerability": "VCID-3tqx-5ms2-akg3" }, { "vulnerability": "VCID-4t89-41bc-3ba8" }, { "vulnerability": "VCID-6fu1-u451-13bk" }, { "vulnerability": "VCID-b72d-fhvw-nqb2" }, { "vulnerability": "VCID-bb9k-aw7s-gqg9" }, { "vulnerability": "VCID-d7x6-bkm5-nbbb" }, { "vulnerability": "VCID-ds4r-cxqd-33c4" }, { "vulnerability": "VCID-g4hd-5kt2-wuc1" }, { "vulnerability": "VCID-gu6c-aam9-9bfs" }, { "vulnerability": "VCID-gue4-gwmq-cud9" }, { "vulnerability": "VCID-jpyc-ymx3-uuhh" }, { "vulnerability": "VCID-k2jw-vx9c-1bg3" }, { "vulnerability": "VCID-k366-b845-abfj" }, { "vulnerability": "VCID-n56c-gd3f-1ba1" }, { "vulnerability": "VCID-nrdr-yd3k-sybt" }, { "vulnerability": "VCID-pbqy-fdhh-83ea" }, { "vulnerability": "VCID-qbww-6cd7-gyb8" }, { "vulnerability": "VCID-qfaz-th5k-u3f3" }, { "vulnerability": "VCID-tmbf-p5xx-nfak" }, { "vulnerability": "VCID-x436-na6m-ubd9" }, { "vulnerability": "VCID-y61v-j3s4-qycm" }, { "vulnerability": "VCID-yr95-zhhd-sfet" }, { "vulnerability": "VCID-zd9y-zkbr-dubv" }, { "vulnerability": "VCID-zgpe-j255-5yct" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.2.2-2%252Bdeb9u2" } ], "aliases": [ "CVE-2016-5418" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g5gx-6cyn-wkda" } ], "risk_score": "4.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/libarchive@3.1.2-11%252Bdeb8u3" }