Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/mc@4.5.1-1.1

Type deb

Namespace debian

Name mc

Version 4.5.1-1.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3:4.8.13-3

Latest_non_vulnerable_version 3:4.8.29-2

Affected_by_vulnerabilities

url VCID-45mq-v23x-8qg3

vulnerability_id VCID-45mq-v23x-8qg3

summary Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by causing mc to free unallocated memory.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1092

reference_id

reference_type

scores

value	0.00763
scoring_system	epss
scoring_elements	0.73763
published_at	2026-06-04T12:55:00Z

value	0.00763
scoring_system	epss
scoring_elements	0.738
published_at	2026-06-05T12:55:00Z

value	0.00763
scoring_system	epss
scoring_elements	0.73804
published_at	2026-06-06T12:55:00Z

value	0.00763
scoring_system	epss
scoring_elements	0.73791
published_at	2026-06-07T12:55:00Z

value	0.00763
scoring_system	epss
scoring_elements	0.73774
published_at	2026-06-08T12:55:00Z

value	0.00763
scoring_system	epss
scoring_elements	0.73802
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1092

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1092
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1092

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1092

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-45mq-v23x-8qg3

url VCID-6bkw-yr6a-rbdd

vulnerability_id VCID-6bkw-yr6a-rbdd

summary direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attackers to cause a denial of service by "manipulating non-existing file handles."

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1174.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1174.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1174

reference_id

reference_type

scores

value	0.01138
scoring_system	epss
scoring_elements	0.78736
published_at	2026-06-04T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78762
published_at	2026-06-05T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78769
published_at	2026-06-06T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78759
published_at	2026-06-07T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78748
published_at	2026-06-08T12:55:00Z

value	0.01138
scoring_system	epss
scoring_elements	0.78766
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1174

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1174
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1174

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617386
reference_id	1617386
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617386

reference_url	https://access.redhat.com/errata/RHSA-2005:512
reference_id	RHSA-2005:512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:512

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1174

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6bkw-yr6a-rbdd

url VCID-78s5-ctr6-6qgc

vulnerability_id VCID-78s5-ctr6-6qgc

summary Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "use of already freed memory."

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1093.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1093.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1093

reference_id

reference_type

scores

value	0.0106
scoring_system	epss
scoring_elements	0.77979
published_at	2026-06-04T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78006
published_at	2026-06-05T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78013
published_at	2026-06-06T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78003
published_at	2026-06-07T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.77992
published_at	2026-06-08T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78009
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1093

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1093
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1093

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617370
reference_id	1617370
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617370

reference_url	https://access.redhat.com/errata/RHSA-2005:512
reference_id	RHSA-2005:512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:512

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1093

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-78s5-ctr6-6qgc

url VCID-8vg1-1n6m-qfbd

vulnerability_id VCID-8vg1-1n6m-qfbd

summary Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c for Midnight Commander (mc) 4.6.0 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code during symlink conversion.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-1023.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2003-1023.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2003-1023

reference_id

reference_type

scores

value	0.08278
scoring_system	epss
scoring_elements	0.92387
published_at	2026-06-04T12:55:00Z

value	0.08278
scoring_system	epss
scoring_elements	0.92401
published_at	2026-06-05T12:55:00Z

value	0.08278
scoring_system	epss
scoring_elements	0.92397
published_at	2026-06-06T12:55:00Z

value	0.08278
scoring_system	epss
scoring_elements	0.92392
published_at	2026-06-07T12:55:00Z

value	0.08278
scoring_system	epss
scoring_elements	0.92391
published_at	2026-06-08T12:55:00Z

value	0.08278
scoring_system	epss
scoring_elements	0.92409
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2003-1023

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1023
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-1023

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617123
reference_id	1617123
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617123

reference_url	https://access.redhat.com/errata/RHSA-2004:034
reference_id	RHSA-2004:034
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2004:034

reference_url	https://access.redhat.com/errata/RHSA-2004:035
reference_id	RHSA-2004:035
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2004:035

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2003-1023

risk_score 0.1

exploitability 0.5

weighted_severity 0.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8vg1-1n6m-qfbd

url VCID-94vj-91dx-kfcp

vulnerability_id VCID-94vj-91dx-kfcp

summary Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0231.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0231.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-0231

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32203
published_at	2026-06-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32275
published_at	2026-06-05T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32244
published_at	2026-06-06T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32206
published_at	2026-06-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32176
published_at	2026-06-08T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32199
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-0231

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0231
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0231

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617180
reference_id	1617180
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617180

reference_url	https://access.redhat.com/errata/RHSA-2004:172
reference_id	RHSA-2004:172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2004:172

reference_url	https://access.redhat.com/errata/RHSA-2004:173
reference_id	RHSA-2004:173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2004:173

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-0231

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94vj-91dx-kfcp

url VCID-94z4-47qe-ayc6

vulnerability_id VCID-94z4-47qe-ayc6

summary Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0226.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0226.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-0226

reference_id

reference_type

scores

value	0.01177
scoring_system	epss
scoring_elements	0.79066
published_at	2026-06-04T12:55:00Z

value	0.01177
scoring_system	epss
scoring_elements	0.79092
published_at	2026-06-05T12:55:00Z

value	0.01177
scoring_system	epss
scoring_elements	0.79098
published_at	2026-06-06T12:55:00Z

value	0.01177
scoring_system	epss
scoring_elements	0.79089
published_at	2026-06-07T12:55:00Z

value	0.01177
scoring_system	epss
scoring_elements	0.79076
published_at	2026-06-08T12:55:00Z

value	0.01177
scoring_system	epss
scoring_elements	0.79095
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-0226

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0226
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0226

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617179
reference_id	1617179
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617179

reference_url	https://access.redhat.com/errata/RHSA-2004:172
reference_id	RHSA-2004:172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2004:172

reference_url	https://access.redhat.com/errata/RHSA-2004:173
reference_id	RHSA-2004:173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2004:173

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-0226

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-94z4-47qe-ayc6

url VCID-95ta-59fg-47dw

vulnerability_id VCID-95ta-59fg-47dw

summary Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0763.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-0763.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2005-0763

reference_id

reference_type

scores

value	0.00102
scoring_system	epss
scoring_elements	0.27604
published_at	2026-06-04T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.2767
published_at	2026-06-05T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27621
published_at	2026-06-06T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27584
published_at	2026-06-07T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27535
published_at	2026-06-08T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.27542
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2005-0763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0763

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617578
reference_id	1617578
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617578

reference_url	https://access.redhat.com/errata/RHSA-2005:512
reference_id	RHSA-2005:512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:512

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2005-0763

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-95ta-59fg-47dw

url VCID-a5qs-n396-u7bs

vulnerability_id VCID-a5qs-n396-u7bs

summary Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1176.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1176.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1176

reference_id

reference_type

scores

value	0.02206
scoring_system	epss
scoring_elements	0.84751
published_at	2026-06-04T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84774
published_at	2026-06-05T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84778
published_at	2026-06-06T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84773
published_at	2026-06-07T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84761
published_at	2026-06-08T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84776
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1176

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1176
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1176

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617388
reference_id	1617388
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617388

reference_url	https://access.redhat.com/errata/RHSA-2005:217
reference_id	RHSA-2005:217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:217

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1176

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a5qs-n396-u7bs

url VCID-b7ew-172a-3qgz

vulnerability_id VCID-b7ew-172a-3qgz

summary Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1009.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1009.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1009

reference_id

reference_type

scores

value	0.01288
scoring_system	epss
scoring_elements	0.79982
published_at	2026-06-04T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.80007
published_at	2026-06-05T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.80012
published_at	2026-06-06T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.80006
published_at	2026-06-07T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.79996
published_at	2026-06-08T12:55:00Z

value	0.01288
scoring_system	epss
scoring_elements	0.80016
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1009

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1009
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1009

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617347
reference_id	1617347
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617347

reference_url	https://access.redhat.com/errata/RHSA-2005:512
reference_id	RHSA-2005:512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:512

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1009

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ew-172a-3qgz

url VCID-e1fr-k4bp-zugg

vulnerability_id VCID-e1fr-k4bp-zugg

summary fish.c in midnight commander allows remote attackers to execute arbitrary programs via "insecure filename quoting," possibly using shell metacharacters.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1175.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1175.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1175

reference_id

reference_type

scores

value	0.00949
scoring_system	epss
scoring_elements	0.76717
published_at	2026-06-04T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.7675
published_at	2026-06-05T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76756
published_at	2026-06-09T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76745
published_at	2026-06-07T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76734
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1175

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1175
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1175

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617387
reference_id	1617387
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617387

reference_url	https://access.redhat.com/errata/RHSA-2005:512
reference_id	RHSA-2005:512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:512

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1175

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-e1fr-k4bp-zugg

url VCID-gwvz-3m1t-eubm

vulnerability_id VCID-gwvz-3m1t-eubm

summary Multiple format string vulnerabilities in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1004.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1004.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1004

reference_id

reference_type

scores

value	0.00949
scoring_system	epss
scoring_elements	0.76717
published_at	2026-06-04T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.7675
published_at	2026-06-05T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76756
published_at	2026-06-09T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76745
published_at	2026-06-07T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76734
published_at	2026-06-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1004

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1004
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1004

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617344
reference_id	1617344
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617344

reference_url	https://access.redhat.com/errata/RHSA-2005:217
reference_id	RHSA-2005:217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:217

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1004

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gwvz-3m1t-eubm

url VCID-kht9-deys-w7b8

vulnerability_id VCID-kht9-deys-w7b8

summary Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0232.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-0232.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-0232

reference_id

reference_type

scores

value	0.01032
scoring_system	epss
scoring_elements	0.77684
published_at	2026-06-04T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77711
published_at	2026-06-05T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77718
published_at	2026-06-06T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77707
published_at	2026-06-07T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77696
published_at	2026-06-08T12:55:00Z

value	0.01032
scoring_system	epss
scoring_elements	0.77715
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-0232

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0232
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0232

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617181
reference_id	1617181
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617181

reference_url	https://access.redhat.com/errata/RHSA-2004:172
reference_id	RHSA-2004:172
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2004:172

reference_url	https://access.redhat.com/errata/RHSA-2004:173
reference_id	RHSA-2004:173
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2004:173

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-0232

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kht9-deys-w7b8

url VCID-mwej-1dkc-93gx

vulnerability_id VCID-mwej-1dkc-93gx

summary Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service via "a corrupt section header."

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1090.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1090.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1090

reference_id

reference_type

scores

value	0.0106
scoring_system	epss
scoring_elements	0.77979
published_at	2026-06-04T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78006
published_at	2026-06-05T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78013
published_at	2026-06-06T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78003
published_at	2026-06-07T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.77992
published_at	2026-06-08T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78009
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1090

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1090
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1090

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617368
reference_id	1617368
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617368

reference_url	https://access.redhat.com/errata/RHSA-2005:512
reference_id	RHSA-2005:512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:512

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1090

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mwej-1dkc-93gx

url VCID-nhzj-ezqj-xbcn

vulnerability_id VCID-nhzj-ezqj-xbcn

summary Midnight commander (mc) 4.5.55 and earlier allows remote attackers to cause a denial of service by triggering a null dereference.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1091.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1091.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1091

reference_id

reference_type

scores

value	0.0106
scoring_system	epss
scoring_elements	0.77979
published_at	2026-06-04T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78006
published_at	2026-06-05T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78013
published_at	2026-06-06T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78003
published_at	2026-06-07T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.77992
published_at	2026-06-08T12:55:00Z

value	0.0106
scoring_system	epss
scoring_elements	0.78009
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1091

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1091
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1091

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617369
reference_id	1617369
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617369

reference_url	https://access.redhat.com/errata/RHSA-2005:512
reference_id	RHSA-2005:512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:512

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1091

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nhzj-ezqj-xbcn

url VCID-qnce-3hac-yug6

vulnerability_id VCID-qnce-3hac-yug6

summary Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlier allow remote attackers to have an unknown impact.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1005.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2004-1005.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2004-1005

reference_id

reference_type

scores

value	0.01111
scoring_system	epss
scoring_elements	0.78493
published_at	2026-06-04T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.7852
published_at	2026-06-05T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78528
published_at	2026-06-06T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78518
published_at	2026-06-07T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78506
published_at	2026-06-08T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78524
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2004-1005

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1005
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1005

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1617345
reference_id	1617345
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1617345

reference_url	https://access.redhat.com/errata/RHSA-2005:217
reference_id	RHSA-2005:217
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2005:217

fixed_packages

url pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

purl pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-uha5-yqcj-ayf9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@1:4.6.0-4.6.1-pre3-3sarge1

aliases CVE-2004-1005

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qnce-3hac-yug6

url VCID-uha5-yqcj-ayf9

vulnerability_id VCID-uha5-yqcj-ayf9

summary Midnight Commander (mc) 4.8.5 does not properly handle the (1) MC_EXT_SELECTED or (2) MC_EXT_ONLYTAGGED environment variables when multiple files are selected, which allows user-assisted remote attackers to execute arbitrary commands via a crafted file name.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4463.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4463.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2012-4463

reference_id

reference_type

scores

value	0.00638
scoring_system	epss
scoring_elements	0.70898
published_at	2026-06-04T12:55:00Z

value	0.00638
scoring_system	epss
scoring_elements	0.7094
published_at	2026-06-05T12:55:00Z

value	0.00638
scoring_system	epss
scoring_elements	0.70947
published_at	2026-06-06T12:55:00Z

value	0.00638
scoring_system	epss
scoring_elements	0.70931
published_at	2026-06-07T12:55:00Z

value	0.00638
scoring_system	epss
scoring_elements	0.70917
published_at	2026-06-08T12:55:00Z

value	0.00638
scoring_system	epss
scoring_elements	0.70941
published_at	2026-06-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2012-4463

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4463
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4463

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689571
reference_id	689571
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689571

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=862813
reference_id	862813
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=862813

reference_url	https://security.gentoo.org/glsa/201402-18
reference_id	GLSA-201402-18
reference_type
scores
url	https://security.gentoo.org/glsa/201402-18

fixed_packages

url	pkg:deb/debian/mc@3:4.8.13-3
purl	pkg:deb/debian/mc@3:4.8.13-3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@3:4.8.13-3

aliases CVE-2012-4463

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-uha5-yqcj-ayf9

Fixing_vulnerabilities

Risk_score 0.1

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mc@4.5.1-1.1

Package Instance