Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/517497?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/517497?format=api", "purl": "pkg:deb/debian/pcre3@6.7-1", "type": "deb", "namespace": "debian", "name": "pcre3", "version": "6.7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:8.39-13", "latest_non_vulnerable_version": "2:8.39-13", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38291?format=api", "vulnerability_id": "VCID-2qwh-71ab-3qef", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nHeap-based buffer overflow in PCRE and PCRE2 allows remote attackers to execute arbitrary code via a crafted regular expression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3210.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3210.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3210", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0573", "scoring_system": "epss", "scoring_elements": "0.90596", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0573", "scoring_system": "epss", "scoring_elements": "0.9061", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0573", "scoring_system": "epss", "scoring_elements": "0.90608", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0573", "scoring_system": "epss", "scoring_elements": "0.90606", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0573", "scoring_system": "epss", "scoring_elements": "0.90622", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3210" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3210", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3210" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287623", "reference_id": "1287623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287623" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787433", "reference_id": "787433", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787433" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3210", "reference_id": "CVE-2015-3210", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2694-1/", "reference_id": "USN-2694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2694-1/" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-3210" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qwh-71ab-3qef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97628?format=api", "vulnerability_id": "VCID-2vkd-7m31-zue9", "summary": "PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8383.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8383.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8383", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.85139", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.85164", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.85169", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.85163", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02335", "scoring_system": "epss", "scoring_elements": "0.85151", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8383" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8383" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287614", "reference_id": "1287614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287614" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8383" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vkd-7m31-zue9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70493?format=api", "vulnerability_id": "VCID-3brj-68fs-4fgc", "summary": "Heap-based buffer overflow in Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to execute arbitrary code via a singleton Unicode sequence in a character class in a regex pattern, which is incorrectly optimized.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4768.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4768.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4768", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09602", "scoring_system": "epss", "scoring_elements": "0.93024", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.09602", "scoring_system": "epss", "scoring_elements": "0.93035", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.09602", "scoring_system": "epss", "scoring_elements": "0.93032", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.09602", "scoring_system": "epss", "scoring_elements": "0.93028", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.09602", "scoring_system": "epss", "scoring_elements": "0.93025", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4768" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4768" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=392911", "reference_id": "392911", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=392911" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://security.gentoo.org/glsa/200801-07", "reference_id": "GLSA-200801-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200801-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1126", "reference_id": "RHSA-2007:1126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1126" }, { "reference_url": "https://usn.ubuntu.com/547-1/", "reference_id": "USN-547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/547-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2007-4768" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3brj-68fs-4fgc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97617?format=api", "vulnerability_id": "VCID-46dz-8eyy-tbh5", "summary": "Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0674.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-0674.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0674", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.2096", "scoring_system": "epss", "scoring_elements": "0.95746", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.2096", "scoring_system": "epss", "scoring_elements": "0.95751", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.2096", "scoring_system": "epss", "scoring_elements": "0.95755", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.2096", "scoring_system": "epss", "scoring_elements": "0.95757", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.2096", "scoring_system": "epss", "scoring_elements": "0.95756", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.2096", "scoring_system": "epss", "scoring_elements": "0.9576", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-0674" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0674" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660", "reference_id": "431660", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=431660" }, { "reference_url": "https://security.gentoo.org/glsa/200803-24", "reference_id": "GLSA-200803-24", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200803-24" }, { "reference_url": "https://security.gentoo.org/glsa/200811-05", "reference_id": "GLSA-200811-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200811-05" }, { "reference_url": "https://usn.ubuntu.com/581-1/", "reference_id": "USN-581-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/581-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2008-0674" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46dz-8eyy-tbh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97605?format=api", "vulnerability_id": "VCID-4mdh-pxxx-57ef", "summary": "The pcre_compile2 function in pcre_compile.c in PCRE 8.38 mishandles the /((?:F?+(?:^(?(R)a+\\\"){99}-))(?J)(?'R'(?'R'<((?'RR'(?'R'\\){97)?J)?J)(?'R'(?'R'\\){99|(:(?|(?'R')(\\k'R')|((?'R')))H'R'R)(H'R))))))/ pattern and related patterns with named subgroups, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1283.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.85256", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.8528", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.85285", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.85279", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02374", "scoring_system": "epss", "scoring_elements": "0.85267", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1283" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295385", "reference_id": "1295385", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1295385" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809706", "reference_id": "809706", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809706" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2016-1283" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mdh-pxxx-57ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70491?format=api", "vulnerability_id": "VCID-6dt8-y7an-63e8", "summary": "Multiple integer overflows in Perl-Compatible Regular Expression (PCRE) library before 7.3 allow context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via unspecified escape (backslash) sequences.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4766.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4766.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4766", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03859", "scoring_system": "epss", "scoring_elements": "0.88423", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.03859", "scoring_system": "epss", "scoring_elements": "0.88441", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.03859", "scoring_system": "epss", "scoring_elements": "0.88443", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.03859", "scoring_system": "epss", "scoring_elements": "0.88442", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.03859", "scoring_system": "epss", "scoring_elements": "0.88457", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4766" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4766" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=392891", "reference_id": "392891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=392891" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://usn.ubuntu.com/547-1/", "reference_id": "USN-547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/547-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2007-4766" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6dt8-y7an-63e8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97649?format=api", "vulnerability_id": "VCID-6ej3-hj13-nbhv", "summary": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7244.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7244.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7244", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67378", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67413", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67415", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67398", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67419", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00526", "scoring_system": "epss", "scoring_elements": "0.67427", "published_at": "2026-06-06T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7244" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7244" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437364", "reference_id": "1437364", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437364" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858683", "reference_id": "858683", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858683" }, { "reference_url": "https://security.archlinux.org/ASA-201707-20", "reference_id": "ASA-201707-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-20" }, { "reference_url": "https://security.archlinux.org/AVG-222", "reference_id": "AVG-222", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-222" }, { "reference_url": "https://security.gentoo.org/glsa/201710-25", "reference_id": "GLSA-201710-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-25" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/580893?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-3" } ], "aliases": [ "CVE-2017-7244" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ej3-hj13-nbhv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97634?format=api", "vulnerability_id": "VCID-6su7-nmeu-3yb7", "summary": "PCRE before 8.38 mishandles the /(?:|a|){100}x/ pattern and related patterns, which allows remote attackers to cause a denial of service (infinite recursion) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8389.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8389.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8389", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02653", "scoring_system": "epss", "scoring_elements": "0.86045", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02653", "scoring_system": "epss", "scoring_elements": "0.86066", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02653", "scoring_system": "epss", "scoring_elements": "0.86069", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02653", "scoring_system": "epss", "scoring_elements": "0.86065", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02653", "scoring_system": "epss", "scoring_elements": "0.86054", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02653", "scoring_system": "epss", "scoring_elements": "0.86067", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8389" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8389", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8389" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287659", "reference_id": "1287659", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287659" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8389" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6su7-nmeu-3yb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38516?format=api", "vulnerability_id": "VCID-75aq-khef-3fft", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nlibpcre1 in PCRE and libpcre2 in PCRE2 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7186.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7186.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7186", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07102", "scoring_system": "epss", "scoring_elements": "0.91704", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.07102", "scoring_system": "epss", "scoring_elements": "0.91695", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07102", "scoring_system": "epss", "scoring_elements": "0.91692", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.07102", "scoring_system": "epss", "scoring_elements": "0.9169", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.07102", "scoring_system": "epss", "scoring_elements": "0.91681", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07102", "scoring_system": "epss", "scoring_elements": "0.91693", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7186" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7186" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434504", "reference_id": "1434504", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434504" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858230", "reference_id": "858230", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858230" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858233", "reference_id": "858233", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858233" }, { "reference_url": "https://security.archlinux.org/ASA-201707-20", "reference_id": "ASA-201707-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-20" }, { "reference_url": "https://security.archlinux.org/ASA-201710-18", "reference_id": "ASA-201710-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-18" }, { "reference_url": "https://security.archlinux.org/AVG-222", "reference_id": "AVG-222", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-222" }, { "reference_url": "https://security.archlinux.org/AVG-223", "reference_id": "AVG-223", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-223" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7186", "reference_id": "CVE-2017-7186", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7186" }, { "reference_url": "https://security.gentoo.org/glsa/201710-09", "reference_id": "GLSA-201710-09", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-09" }, { "reference_url": "https://security.gentoo.org/glsa/201710-25", "reference_id": "GLSA-201710-25", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-25" }, { "reference_url": "https://usn.ubuntu.com/5665-1/", "reference_id": "USN-5665-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5665-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/580893?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-3" } ], "aliases": [ "CVE-2017-7186" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-75aq-khef-3fft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97629?format=api", "vulnerability_id": "VCID-7cc1-8j9m-87gj", "summary": "PCRE before 8.38 mishandles the /(?J)(?'d'(?'d'\\g{d}))/ pattern and related patterns with certain recursive back references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8392 and CVE-2015-8395.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8384.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8384.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79186", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79212", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79218", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79209", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79199", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01192", "scoring_system": "epss", "scoring_elements": "0.79217", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8384" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287623", "reference_id": "1287623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287623" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8384" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7cc1-8j9m-87gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70492?format=api", "vulnerability_id": "VCID-7svm-qc5s-dyfb", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.3 does not properly compute the length of (1) a \\p sequence, (2) a \\P sequence, or (3) a \\P{x} sequence, which allows context-dependent attackers to cause a denial of service (infinite loop or crash) or execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4767.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-4767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01955", "scoring_system": "epss", "scoring_elements": "0.83805", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01955", "scoring_system": "epss", "scoring_elements": "0.83828", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01955", "scoring_system": "epss", "scoring_elements": "0.83831", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01955", "scoring_system": "epss", "scoring_elements": "0.83826", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01955", "scoring_system": "epss", "scoring_elements": "0.83818", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-4767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4767" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=392901", "reference_id": "392901", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=392901" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://usn.ubuntu.com/547-1/", "reference_id": "USN-547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/547-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2007-4767" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7svm-qc5s-dyfb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97627?format=api", "vulnerability_id": "VCID-8cyw-nfpt-yudh", "summary": "The match function in pcre_exec.c in PCRE before 8.37 mishandles the /(?:((abcd))|(((?:(?:(?:(?:abc|(?:abcdef))))b)abcdefghi)abc)|((*ACCEPT)))/ pattern and related patterns involving (*ACCEPT), which allows remote attackers to obtain sensitive information from process memory or cause a denial of service (partially initialized memory and application crash) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-2547.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8382.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8382.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8382", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01772", "scoring_system": "epss", "scoring_elements": "0.83001", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01772", "scoring_system": "epss", "scoring_elements": "0.83028", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01772", "scoring_system": "epss", "scoring_elements": "0.83024", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01772", "scoring_system": "epss", "scoring_elements": "0.83016", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8382" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8382" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187225", "reference_id": "1187225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187225" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794589", "reference_id": "794589", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794589" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8382" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8cyw-nfpt-yudh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97620?format=api", "vulnerability_id": "VCID-a74t-kk9s-a3c4", "summary": "pcre_jit_compile.c in PCRE 8.35 does not properly use table jumps to optimize nested alternatives, which allows remote attackers to cause a denial of service (stack memory corruption) or possibly have unspecified other impact via a crafted string, as demonstrated by packets encountered by Suricata during use of a regular expression in an Emerging Threats Open ruleset.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9769.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-9769.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9769", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76524", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76553", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76559", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76548", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.76538", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00934", "scoring_system": "epss", "scoring_elements": "0.7656", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-9769" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9769", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9769" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320995", "reference_id": "1320995", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1320995" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050", "reference_id": "819050", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819050" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2014-9769" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a74t-kk9s-a3c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97643?format=api", "vulnerability_id": "VCID-ahkb-168a-9bha", "summary": "PCRE before 8.38 mishandles the (?(<digits>) and (?(R<digits>) conditions, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8394.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8394.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8394", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0188", "scoring_system": "epss", "scoring_elements": "0.83488", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0188", "scoring_system": "epss", "scoring_elements": "0.83512", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0188", "scoring_system": "epss", "scoring_elements": "0.83515", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0188", "scoring_system": "epss", "scoring_elements": "0.83511", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0188", "scoring_system": "epss", "scoring_elements": "0.83502", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0188", "scoring_system": "epss", "scoring_elements": "0.83516", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8394" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8394" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287702", "reference_id": "1287702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287702" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8394" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ahkb-168a-9bha" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97630?format=api", "vulnerability_id": "VCID-by6c-cfvh-4uev", "summary": "PCRE before 8.38 mishandles the /(?|(\\k'Pm')|(?'Pm'))/ pattern and related patterns with certain forward references, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8385.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8385.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8385", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05145", "scoring_system": "epss", "scoring_elements": "0.90041", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05145", "scoring_system": "epss", "scoring_elements": "0.90056", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05145", "scoring_system": "epss", "scoring_elements": "0.90055", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05145", "scoring_system": "epss", "scoring_elements": "0.90053", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05145", "scoring_system": "epss", "scoring_elements": "0.90052", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05145", "scoring_system": "epss", "scoring_elements": "0.90067", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8385" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8385" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287629", "reference_id": "1287629", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287629" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1025", "reference_id": "RHSA-2016:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8385" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-by6c-cfvh-4uev" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97633?format=api", "vulnerability_id": "VCID-c2g2-p2eq-mygx", "summary": "PCRE before 8.38 mishandles the /(?=di(?<=(?1))|(?=(.))))/ pattern and related patterns with an unmatched closing parenthesis, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8388.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04176", "scoring_system": "epss", "scoring_elements": "0.88888", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04176", "scoring_system": "epss", "scoring_elements": "0.88906", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04176", "scoring_system": "epss", "scoring_elements": "0.88905", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04176", "scoring_system": "epss", "scoring_elements": "0.88922", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8388" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8388" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1237223", "reference_id": "1237223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1237223" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1025", "reference_id": "RHSA-2016:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8388" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c2g2-p2eq-mygx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97619?format=api", "vulnerability_id": "VCID-ca99-e38z-dygz", "summary": "Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an assertion that allows zero repeats.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8964.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8964.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8964", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02057", "scoring_system": "epss", "scoring_elements": "0.8424", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02057", "scoring_system": "epss", "scoring_elements": "0.84235", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02057", "scoring_system": "epss", "scoring_elements": "0.84236", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02057", "scoring_system": "epss", "scoring_elements": "0.84213", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02057", "scoring_system": "epss", "scoring_elements": "0.84234", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02057", "scoring_system": "epss", "scoring_elements": "0.84222", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-8964" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8964", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8964" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166147", "reference_id": "1166147", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1166147" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770478", "reference_id": "770478", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770478" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0330", "reference_id": "RHSA-2015:0330", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0330" }, { "reference_url": "https://usn.ubuntu.com/2694-1/", "reference_id": "USN-2694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2694-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517504?format=api", "purl": "pkg:deb/debian/pcre3@2:8.35-3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.35-3.3" } ], "aliases": [ "CVE-2014-8964" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ca99-e38z-dygz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38050?format=api", "vulnerability_id": "VCID-d4wg-gtns-juf9", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nThe compile_branch function in pcre_compile.c in PCRE and pcre2_compile.c in PCRE2 mishandles patterns containing an (*ACCEPT) substring in conjunction with nested parentheses, which allows remote attackers to execute arbitrary code or cause a denial of service (stack-based buffer overflow) via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, aka ZDI-CAN-3542.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3191.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3191.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07915", "scoring_system": "epss", "scoring_elements": "0.92182", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.07915", "scoring_system": "epss", "scoring_elements": "0.92195", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.07915", "scoring_system": "epss", "scoring_elements": "0.92192", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.07915", "scoring_system": "epss", "scoring_elements": "0.92191", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.07915", "scoring_system": "epss", "scoring_elements": "0.92205", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3191" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3191" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503", "reference_id": "1311503", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1311503" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815920", "reference_id": "815920", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815920" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815921", "reference_id": "815921", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815921" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3191", "reference_id": "CVE-2016-3191", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1025", "reference_id": "RHSA-2016:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2016-3191" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d4wg-gtns-juf9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70487?format=api", "vulnerability_id": "VCID-dfrv-b6pg-gqat", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.3 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via regex patterns containing unmatched \"\\Q\\E\" sequences with orphan \"\\E\" codes.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1659.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05344", "scoring_system": "epss", "scoring_elements": "0.90232", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05344", "scoring_system": "epss", "scoring_elements": "0.90247", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05344", "scoring_system": "epss", "scoring_elements": "0.90246", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05344", "scoring_system": "epss", "scoring_elements": "0.90244", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05344", "scoring_system": "epss", "scoring_elements": "0.90243", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05344", "scoring_system": "epss", "scoring_elements": "0.90259", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1659" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1659" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=315871", "reference_id": "315871", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=315871" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0967", "reference_id": "RHSA-2007:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1068", "reference_id": "RHSA-2007:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1068" }, { "reference_url": "https://usn.ubuntu.com/547-1/", "reference_id": "USN-547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/547-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2007-1659" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dfrv-b6pg-gqat" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97625?format=api", "vulnerability_id": "VCID-g6q6-3k6s-vuey", "summary": "Heap-based buffer overflow in the find_fixedlength function in pcre_compile.c in PCRE before 8.38 allows remote attackers to cause a denial of service (crash) or obtain sensitive information from heap memory and possibly bypass the ASLR protection mechanism via a crafted regular expression with an excess closing parenthesis.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5073.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-5073.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5073", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68214", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68253", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68261", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68238", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00547", "scoring_system": "epss", "scoring_elements": "0.68254", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-5073" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5073" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1237223", "reference_id": "1237223", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1237223" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790000", "reference_id": "790000", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790000" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1025", "reference_id": "RHSA-2016:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2694-1/", "reference_id": "USN-2694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2694-1/" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-5073" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6q6-3k6s-vuey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70489?format=api", "vulnerability_id": "VCID-gbe3-3gqm-5kes", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matching certain input bytes against some regex patterns in non-UTF-8 mode, which allows context-dependent attackers to obtain sensitive information or cause a denial of service (crash), as demonstrated by the \"\\X?\\d\" and \"\\P{L}?\\d\" patterns.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1661.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1661.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1661", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.84128", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.84151", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.84154", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.84149", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.84138", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02034", "scoring_system": "epss", "scoring_elements": "0.8415", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1661" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1661" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=392931", "reference_id": "392931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=392931" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://usn.ubuntu.com/547-1/", "reference_id": "USN-547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/547-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2007-1661" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gbe3-3gqm-5kes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97632?format=api", "vulnerability_id": "VCID-gczc-zfj9-j7ab", "summary": "PCRE before 8.38 mishandles (?123) subroutine calls and related subroutine calls, which allows remote attackers to cause a denial of service (integer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8387.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8387.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8387", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.81105", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.81134", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.81137", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.81129", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01448", "scoring_system": "epss", "scoring_elements": "0.81147", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8387" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8387" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287646", "reference_id": "1287646", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287646" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8387" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gczc-zfj9-j7ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97648?format=api", "vulnerability_id": "VCID-h9ka-a8zw-jqh5", "summary": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6004.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02589", "scoring_system": "epss", "scoring_elements": "0.85868", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02589", "scoring_system": "epss", "scoring_elements": "0.85889", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02589", "scoring_system": "epss", "scoring_elements": "0.85872", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02589", "scoring_system": "epss", "scoring_elements": "0.85891", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02589", "scoring_system": "epss", "scoring_elements": "0.85887", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6004" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6004" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425365", "reference_id": "1425365", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425365" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855405", "reference_id": "855405", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855405" }, { "reference_url": "https://security.gentoo.org/glsa/201706-11", "reference_id": "GLSA-201706-11", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201706-11" }, { "reference_url": "https://usn.ubuntu.com/5665-1/", "reference_id": "USN-5665-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5665-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/580893?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-3" } ], "aliases": [ "CVE-2017-6004" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9ka-a8zw-jqh5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52707?format=api", "vulnerability_id": "VCID-hmw5-paqq-pqbt", "summary": "Integer Overflow or Wraparound\nlibpcre in PCRE allows an integer overflow via a large number.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14155.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14155.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14155", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45821", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.4589", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45893", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45872", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45846", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0023", "scoring_system": "epss", "scoring_elements": "0.45859", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14155" }, { "reference_url": "https://bugs.gentoo.org/717920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.gentoo.org/717920" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14155" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://www.pcre.org/original/changelog.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.pcre.org/original/changelog.txt" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848436", "reference_id": "1848436", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848436" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963086", "reference_id": "963086", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963086" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14155", "reference_id": "CVE-2020-14155", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-14155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4373", "reference_id": "RHSA-2021:4373", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4373" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/5425-1/", "reference_id": "USN-5425-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5425-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/580895?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-13", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-13" } ], "aliases": [ "CVE-2020-14155" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hmw5-paqq-pqbt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38292?format=api", "vulnerability_id": "VCID-kd3m-s417-qkbr", "summary": "Improper Restriction of Operations within the Bounds of a Memory Buffer\nPCRE, and PCRE2 mishandle group empty matches, which might allow remote attackers to cause a denial of service (stack-based buffer overflow) via a crafted regular expression.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3217.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-3217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75413", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75442", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75446", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75437", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75423", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00861", "scoring_system": "epss", "scoring_elements": "0.75449", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-3217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3217" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283", "reference_id": "1228283", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1228283" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787641", "reference_id": "787641", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787641" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3217", "reference_id": "CVE-2015-3217", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1025", "reference_id": "RHSA-2016:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-3217" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kd3m-s417-qkbr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97624?format=api", "vulnerability_id": "VCID-kpkt-vb2t-kuar", "summary": "PCRE before 8.36 mishandles the /((?(R)a|(?1)))+/ pattern and related patterns with certain recursion, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2328.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2328.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2328", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02714", "scoring_system": "epss", "scoring_elements": "0.86198", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02714", "scoring_system": "epss", "scoring_elements": "0.86219", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02714", "scoring_system": "epss", "scoring_elements": "0.86222", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02714", "scoring_system": "epss", "scoring_elements": "0.86217", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02714", "scoring_system": "epss", "scoring_elements": "0.86205", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2328" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2328" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285399", "reference_id": "1285399", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285399" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1025", "reference_id": "RHSA-2016:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-2328" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kpkt-vb2t-kuar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97623?format=api", "vulnerability_id": "VCID-mrwr-pqss-6keq", "summary": "PCRE before 8.36 mishandles the /(((a\\2)|(a*)\\g<-1>))*/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2327.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2327.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2327", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02821", "scoring_system": "epss", "scoring_elements": "0.86426", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02821", "scoring_system": "epss", "scoring_elements": "0.86449", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02821", "scoring_system": "epss", "scoring_elements": "0.8645", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02821", "scoring_system": "epss", "scoring_elements": "0.86445", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02821", "scoring_system": "epss", "scoring_elements": "0.86432", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02821", "scoring_system": "epss", "scoring_elements": "0.86446", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2327" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2327" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285408", "reference_id": "1285408", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-2327" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mrwr-pqss-6keq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70490?format=api", "vulnerability_id": "VCID-nxsf-pxg8-huar", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.3 reads past the end of the string when searching for unmatched brackets and parentheses, which allows context-dependent attackers to cause a denial of service (crash), possibly involving forward references.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1662.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1662.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1662", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0407", "scoring_system": "epss", "scoring_elements": "0.88744", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0407", "scoring_system": "epss", "scoring_elements": "0.88761", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0407", "scoring_system": "epss", "scoring_elements": "0.88763", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0407", "scoring_system": "epss", "scoring_elements": "0.88778", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1662" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1662" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=392921", "reference_id": "392921", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=392921" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://usn.ubuntu.com/547-1/", "reference_id": "USN-547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/547-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2007-1662" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nxsf-pxg8-huar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97626?format=api", "vulnerability_id": "VCID-p1z2-yqe2-tqaf", "summary": "The compile_regex function in pcre_compile.c in PCRE before 8.38 and pcre2_compile.c in PCRE2 before 10.2x mishandles the /(?J:(?|(:(?|(?'R')(\\k'R')|((?'R')))H'Rk'Rf)|s(?'R'))))/ and /(?J:(?|(:(?|(?'R')(\\z(?|(?'R')(\\k'R')|((?'R')))k'R')|((?'R')))H'Ak'Rf)|s(?'R')))/ patterns, and related patterns with certain group references, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8381.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8381.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8381", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05803", "scoring_system": "epss", "scoring_elements": "0.90676", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05803", "scoring_system": "epss", "scoring_elements": "0.90689", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05803", "scoring_system": "epss", "scoring_elements": "0.90688", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05803", "scoring_system": "epss", "scoring_elements": "0.90686", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05803", "scoring_system": "epss", "scoring_elements": "0.90684", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05803", "scoring_system": "epss", "scoring_elements": "0.90701", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8381" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8381" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287711", "reference_id": "1287711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287711" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796762", "reference_id": "796762", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=796762" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8381" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p1z2-yqe2-tqaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97644?format=api", "vulnerability_id": "VCID-p6s9-fmbe-bbdu", "summary": "PCRE before 8.38 mishandles certain references, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8392.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8395.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8395.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8395", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.8536", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.85383", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.85388", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.85382", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.02405", "scoring_system": "epss", "scoring_elements": "0.85368", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8395" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8395", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8395" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287711", "reference_id": "1287711", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287711" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8395" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p6s9-fmbe-bbdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97604?format=api", "vulnerability_id": "VCID-qdex-ztgk-wbg4", "summary": "The pcre_exec function in pcre_exec.c in PCRE before 8.38 mishandles a // pattern with a \\01 string, which allows remote attackers to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8380.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8380.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79566", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79593", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79598", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79583", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01238", "scoring_system": "epss", "scoring_elements": "0.79601", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8380" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285413", "reference_id": "1285413", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1285413" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806467", "reference_id": "806467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=806467" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8380" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qdex-ztgk-wbg4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70488?format=api", "vulnerability_id": "VCID-rer1-gvnu-g3aq", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate sizes for unspecified \"multiple forms of character class\", which triggers a buffer overflow that allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1660.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2007-1660.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1660", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05628", "scoring_system": "epss", "scoring_elements": "0.90501", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.05628", "scoring_system": "epss", "scoring_elements": "0.90516", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.05628", "scoring_system": "epss", "scoring_elements": "0.90517", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.05628", "scoring_system": "epss", "scoring_elements": "0.90514", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.05628", "scoring_system": "epss", "scoring_elements": "0.90513", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.05628", "scoring_system": "epss", "scoring_elements": "0.90529", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2007-1660" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=315881", "reference_id": "315881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=315881" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0967", "reference_id": "RHSA-2007:0967", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0967" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:0968", "reference_id": "RHSA-2007:0968", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:0968" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1063", "reference_id": "RHSA-2007:1063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1065", "reference_id": "RHSA-2007:1065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0546", "reference_id": "RHSA-2008:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0546" }, { "reference_url": "https://usn.ubuntu.com/547-1/", "reference_id": "USN-547-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/547-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2007-1660" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rer1-gvnu-g3aq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97621?format=api", "vulnerability_id": "VCID-tkxu-ju7q-sqbn", "summary": "The compile_branch function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code, cause a denial of service (out-of-bounds heap read and crash), or possibly have other unspecified impact via a regular expression with a group containing a forward reference repeated a large number of times within a repeated outer group that has a zero minimum quantifier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2325.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2325.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2325", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64963", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.65006", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.65016", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.65003", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.64992", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00471", "scoring_system": "epss", "scoring_elements": "0.6501", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2325" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207198", "reference_id": "1207198", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207198" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781795", "reference_id": "781795", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781795" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2694-1/", "reference_id": "USN-2694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2694-1/" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-2325" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkxu-ju7q-sqbn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97631?format=api", "vulnerability_id": "VCID-twye-41tq-hkcw", "summary": "PCRE before 8.38 mishandles the interaction of lookbehind assertions and mutually recursive subpatterns, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8386.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8386.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8386", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0752", "scoring_system": "epss", "scoring_elements": "0.91951", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0752", "scoring_system": "epss", "scoring_elements": "0.91963", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.0752", "scoring_system": "epss", "scoring_elements": "0.91964", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0752", "scoring_system": "epss", "scoring_elements": "0.91962", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0752", "scoring_system": "epss", "scoring_elements": "0.91976", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8386" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8386" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287636", "reference_id": "1287636", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287636" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1025", "reference_id": "RHSA-2016:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8386" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twye-41tq-hkcw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97638?format=api", "vulnerability_id": "VCID-u7q1-w5yx-bfc3", "summary": "The pcre_compile function in pcre_compile.c in PCRE before 8.38 mishandles certain [: nesting, which allows remote attackers to cause a denial of service (CPU consumption) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8391.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8391.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8391", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91194", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91207", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91206", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91204", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91199", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.06404", "scoring_system": "epss", "scoring_elements": "0.91215", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8391" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8391" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287671", "reference_id": "1287671", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287671" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1025", "reference_id": "RHSA-2016:1025", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1025" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8391" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u7q1-w5yx-bfc3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97614?format=api", "vulnerability_id": "VCID-uw1w-fdz9-yuee", "summary": "Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7230.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7230.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7230", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02783", "scoring_system": "epss", "scoring_elements": "0.86341", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02783", "scoring_system": "epss", "scoring_elements": "0.86364", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02783", "scoring_system": "epss", "scoring_elements": "0.86365", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02783", "scoring_system": "epss", "scoring_elements": "0.86362", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02783", "scoring_system": "epss", "scoring_elements": "0.86349", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02783", "scoring_system": "epss", "scoring_elements": "0.86363", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7230" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7230" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=384801", "reference_id": "384801", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=384801" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1059", "reference_id": "RHSA-2007:1059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1068", "reference_id": "RHSA-2007:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1068" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2006-7230" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uw1w-fdz9-yuee" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97641?format=api", "vulnerability_id": "VCID-vcbe-7a2z-93aa", "summary": "pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8393.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8393.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8393", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72753", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72791", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72799", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72781", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72769", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.00716", "scoring_system": "epss", "scoring_elements": "0.72793", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8393" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8393" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287695", "reference_id": "1287695", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287695" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8393" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vcbe-7a2z-93aa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97618?format=api", "vulnerability_id": "VCID-wqxy-edrq-qqhj", "summary": "Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins with an option and contains multiple branches.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2371.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-2371.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2371", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88832", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88849", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88847", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88846", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04128", "scoring_system": "epss", "scoring_elements": "0.88863", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2008-2371" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=452079", "reference_id": "452079", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=452079" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488919", "reference_id": "488919", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=488919" }, { "reference_url": "https://security.gentoo.org/glsa/200807-03", "reference_id": "GLSA-200807-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200807-03" }, { "reference_url": "https://security.gentoo.org/glsa/200811-05", "reference_id": "GLSA-200811-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200811-05" }, { "reference_url": "https://usn.ubuntu.com/624-1/", "reference_id": "USN-624-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/624-1/" }, { "reference_url": "https://usn.ubuntu.com/624-2/", "reference_id": "USN-624-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/624-2/" }, { "reference_url": "https://usn.ubuntu.com/628-1/", "reference_id": "USN-628-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/628-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517499?format=api", "purl": "pkg:deb/debian/pcre3@7.6-2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@7.6-2.1" } ], "aliases": [ "CVE-2008-2371" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wqxy-edrq-qqhj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97636?format=api", "vulnerability_id": "VCID-x1h1-mu7s-dfc4", "summary": "PCRE before 8.38 mishandles the [: and \\\\ substrings in character classes, which allows remote attackers to cause a denial of service (uninitialized memory read) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8390.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8390.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8390", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86537", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.8656", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86555", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86545", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.0287", "scoring_system": "epss", "scoring_elements": "0.86557", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8390" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8390" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287666", "reference_id": "1287666", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287666" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8390" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1h1-mu7s-dfc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97622?format=api", "vulnerability_id": "VCID-ys5j-2ms5-6qby", "summary": "The pcre_compile2 function in PCRE before 8.37 allows context-dependent attackers to compile incorrect code and cause a denial of service (out-of-bounds read) via regular expression with a group containing both a forward referencing subroutine call and a recursive back reference, as demonstrated by \"((?+1)(\\1))/\".", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2326.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2326.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2326", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.68993", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.6899", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.68984", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.68944", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.68987", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.00569", "scoring_system": "epss", "scoring_elements": "0.68971", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-2326" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2326" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207202", "reference_id": "1207202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207202" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783285", "reference_id": "783285", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=783285" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2694-1/", "reference_id": "USN-2694-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2694-1/" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-2326" ], "risk_score": 1.7, "exploitability": "0.5", "weighted_severity": "3.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ys5j-2ms5-6qby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97639?format=api", "vulnerability_id": "VCID-zfag-y22f-cfcp", "summary": "PCRE before 8.38 mishandles certain instances of the (?| substring, which allows remote attackers to cause a denial of service (unintended recursion and buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror, a related issue to CVE-2015-8384 and CVE-2015-8395.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8392.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8392.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8392", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04389", "scoring_system": "epss", "scoring_elements": "0.89174", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.04389", "scoring_system": "epss", "scoring_elements": "0.89191", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.04389", "scoring_system": "epss", "scoring_elements": "0.89192", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.04389", "scoring_system": "epss", "scoring_elements": "0.89207", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8392" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8392", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8392" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287690", "reference_id": "1287690", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1287690" }, { "reference_url": "https://security.gentoo.org/glsa/201607-02", "reference_id": "GLSA-201607-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201607-02" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1132", "reference_id": "RHSA-2016:1132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1132" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2750", "reference_id": "RHSA-2016:2750", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2750" }, { "reference_url": "https://usn.ubuntu.com/2943-1/", "reference_id": "USN-2943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517506?format=api", "purl": "pkg:deb/debian/pcre3@2:8.39-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@2:8.39-1" } ], "aliases": [ "CVE-2015-8392" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zfag-y22f-cfcp" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70486?format=api", "vulnerability_id": "VCID-h1pf-3jp6-rbca", "summary": "Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified \"subpattern containing a named recursion or subroutine reference,\" which allows context-dependent attackers to cause a denial of service (error or crash).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7226.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7226.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7226", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82734", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82759", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82757", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82756", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82749", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01719", "scoring_system": "epss", "scoring_elements": "0.82761", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7226" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7226" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=384781", "reference_id": "384781", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=384781" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1059", "reference_id": "RHSA-2007:1059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1068", "reference_id": "RHSA-2007:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1068" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517497?format=api", "purl": "pkg:deb/debian/pcre3@6.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-3brj-68fs-4fgc" }, { "vulnerability": "VCID-46dz-8eyy-tbh5" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6dt8-y7an-63e8" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-7svm-qc5s-dyfb" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-dfrv-b6pg-gqat" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gbe3-3gqm-5kes" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-nxsf-pxg8-huar" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-rer1-gvnu-g3aq" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-uw1w-fdz9-yuee" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-wqxy-edrq-qqhj" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@6.7-1" } ], "aliases": [ "CVE-2006-7226" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h1pf-3jp6-rbca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97611?format=api", "vulnerability_id": "VCID-h2sg-jpwp-bkhy", "summary": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7227.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7227.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7227", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.85086", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.8511", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.85114", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.85108", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.85099", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02318", "scoring_system": "epss", "scoring_elements": "0.85113", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7227" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7227" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=383341", "reference_id": "383341", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=383341" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1052", "reference_id": "RHSA-2007:1052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1052" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517497?format=api", "purl": "pkg:deb/debian/pcre3@6.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-3brj-68fs-4fgc" }, { "vulnerability": "VCID-46dz-8eyy-tbh5" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6dt8-y7an-63e8" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-7svm-qc5s-dyfb" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-dfrv-b6pg-gqat" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gbe3-3gqm-5kes" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-nxsf-pxg8-huar" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-rer1-gvnu-g3aq" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-uw1w-fdz9-yuee" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-wqxy-edrq-qqhj" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@6.7-1" } ], "aliases": [ "CVE-2006-7227" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h2sg-jpwp-bkhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70484?format=api", "vulnerability_id": "VCID-n84c-vtbw-7qd3", "summary": "Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a \"malformed POSIX character class\", as demonstrated via an invalid character after a [[ sequence.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7225.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7225.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7225", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.80035", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.80061", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.80065", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.80059", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.8005", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01295", "scoring_system": "epss", "scoring_elements": "0.8007", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7225" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7225" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=384761", "reference_id": "384761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=384761" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1059", "reference_id": "RHSA-2007:1059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1068", "reference_id": "RHSA-2007:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1068" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517497?format=api", "purl": "pkg:deb/debian/pcre3@6.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-3brj-68fs-4fgc" }, { "vulnerability": "VCID-46dz-8eyy-tbh5" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6dt8-y7an-63e8" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-7svm-qc5s-dyfb" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-dfrv-b6pg-gqat" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gbe3-3gqm-5kes" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-nxsf-pxg8-huar" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-rer1-gvnu-g3aq" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-uw1w-fdz9-yuee" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-wqxy-edrq-qqhj" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@6.7-1" } ], "aliases": [ "CVE-2006-7225" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n84c-vtbw-7qd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97612?format=api", "vulnerability_id": "VCID-nz7x-w6qd-sugm", "summary": "Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7228.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-7228.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7228", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02159", "scoring_system": "epss", "scoring_elements": "0.84592", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.02159", "scoring_system": "epss", "scoring_elements": "0.84616", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.02159", "scoring_system": "epss", "scoring_elements": "0.8462", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.02159", "scoring_system": "epss", "scoring_elements": "0.84604", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.02159", "scoring_system": "epss", "scoring_elements": "0.84617", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-7228" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-7228" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371", "reference_id": "383371", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=383371" }, { "reference_url": "https://security.gentoo.org/glsa/200711-30", "reference_id": "GLSA-200711-30", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200711-30" }, { "reference_url": "https://security.gentoo.org/glsa/200802-10", "reference_id": "GLSA-200802-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200802-10" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1059", "reference_id": "RHSA-2007:1059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1063", "reference_id": "RHSA-2007:1063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1065", "reference_id": "RHSA-2007:1065", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1065" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1068", "reference_id": "RHSA-2007:1068", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1068" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1076", "reference_id": "RHSA-2007:1076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1077", "reference_id": "RHSA-2007:1077", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1077" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2008:0546", "reference_id": "RHSA-2008:0546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2008:0546" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517497?format=api", "purl": "pkg:deb/debian/pcre3@6.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-3brj-68fs-4fgc" }, { "vulnerability": "VCID-46dz-8eyy-tbh5" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6dt8-y7an-63e8" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-7svm-qc5s-dyfb" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-dfrv-b6pg-gqat" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gbe3-3gqm-5kes" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-nxsf-pxg8-huar" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-rer1-gvnu-g3aq" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-uw1w-fdz9-yuee" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-wqxy-edrq-qqhj" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@6.7-1" } ], "aliases": [ "CVE-2006-7228" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nz7x-w6qd-sugm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/50980?format=api", "vulnerability_id": "VCID-tkcs-1ynw-fbfz", "summary": "An integer overflow flaw was found in PCRE, a Perl-compatible regular expression library included within httpd. A local user who has the ability to create .htaccess files could create a maliciously crafted regular expression in such as way that they could gain the privileges of a httpd child.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2491.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-2491.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2491", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.83986", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.8396", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.83983", "published_at": "2026-06-05T12:55:00Z" }, { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.83985", "published_at": "2026-06-09T12:55:00Z" }, { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.83981", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01997", "scoring_system": "epss", "scoring_elements": "0.83972", "published_at": "2026-06-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-2491" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2491" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324531", "reference_id": "324531", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=324531" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326628", "reference_id": "326628", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326628" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326898", "reference_id": "326898", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326898" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=430638", "reference_id": "430638", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=430638" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2005-2491.json", "reference_id": "CVE-2005-2491", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2005-2491.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:358", "reference_id": "RHSA-2005:358", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:358" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2005:761", "reference_id": "RHSA-2005:761", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2005:761" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2006:0197", "reference_id": "RHSA-2006:0197", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2006:0197" }, { "reference_url": "https://usn.ubuntu.com/173-1/", "reference_id": "USN-173-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/173-1/" }, { "reference_url": "https://usn.ubuntu.com/173-2/", "reference_id": "USN-173-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/173-2/" }, { "reference_url": "https://usn.ubuntu.com/173-4/", "reference_id": "USN-173-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/173-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517497?format=api", "purl": "pkg:deb/debian/pcre3@6.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-3brj-68fs-4fgc" }, { "vulnerability": "VCID-46dz-8eyy-tbh5" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6dt8-y7an-63e8" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-7svm-qc5s-dyfb" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-dfrv-b6pg-gqat" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gbe3-3gqm-5kes" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-nxsf-pxg8-huar" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-rer1-gvnu-g3aq" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-uw1w-fdz9-yuee" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-wqxy-edrq-qqhj" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@6.7-1" } ], "aliases": [ "CVE-2005-2491" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tkcs-1ynw-fbfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/97610?format=api", "vulnerability_id": "VCID-zmcr-jwyw-qqcr", "summary": "Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4872.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2005-4872.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4872", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01485", "scoring_system": "epss", "scoring_elements": "0.81356", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.01485", "scoring_system": "epss", "scoring_elements": "0.81384", "published_at": "2026-06-07T12:55:00Z" }, { "value": "0.01485", "scoring_system": "epss", "scoring_elements": "0.81386", "published_at": "2026-06-06T12:55:00Z" }, { "value": "0.01485", "scoring_system": "epss", "scoring_elements": "0.81379", "published_at": "2026-06-08T12:55:00Z" }, { "value": "0.01485", "scoring_system": "epss", "scoring_elements": "0.81396", "published_at": "2026-06-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2005-4872" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4872" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=383361", "reference_id": "383361", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=383361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2007:1052", "reference_id": "RHSA-2007:1052", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2007:1052" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/517497?format=api", "purl": "pkg:deb/debian/pcre3@6.7-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qwh-71ab-3qef" }, { "vulnerability": "VCID-2vkd-7m31-zue9" }, { "vulnerability": "VCID-3brj-68fs-4fgc" }, { "vulnerability": "VCID-46dz-8eyy-tbh5" }, { "vulnerability": "VCID-4mdh-pxxx-57ef" }, { "vulnerability": "VCID-6dt8-y7an-63e8" }, { "vulnerability": "VCID-6ej3-hj13-nbhv" }, { "vulnerability": "VCID-6su7-nmeu-3yb7" }, { "vulnerability": "VCID-75aq-khef-3fft" }, { "vulnerability": "VCID-7cc1-8j9m-87gj" }, { "vulnerability": "VCID-7svm-qc5s-dyfb" }, { "vulnerability": "VCID-8cyw-nfpt-yudh" }, { "vulnerability": "VCID-a74t-kk9s-a3c4" }, { "vulnerability": "VCID-ahkb-168a-9bha" }, { "vulnerability": "VCID-by6c-cfvh-4uev" }, { "vulnerability": "VCID-c2g2-p2eq-mygx" }, { "vulnerability": "VCID-ca99-e38z-dygz" }, { "vulnerability": "VCID-d4wg-gtns-juf9" }, { "vulnerability": "VCID-dfrv-b6pg-gqat" }, { "vulnerability": "VCID-g6q6-3k6s-vuey" }, { "vulnerability": "VCID-gbe3-3gqm-5kes" }, { "vulnerability": "VCID-gczc-zfj9-j7ab" }, { "vulnerability": "VCID-h9ka-a8zw-jqh5" }, { "vulnerability": "VCID-hmw5-paqq-pqbt" }, { "vulnerability": "VCID-kd3m-s417-qkbr" }, { "vulnerability": "VCID-kpkt-vb2t-kuar" }, { "vulnerability": "VCID-mrwr-pqss-6keq" }, { "vulnerability": "VCID-nxsf-pxg8-huar" }, { "vulnerability": "VCID-p1z2-yqe2-tqaf" }, { "vulnerability": "VCID-p6s9-fmbe-bbdu" }, { "vulnerability": "VCID-qdex-ztgk-wbg4" }, { "vulnerability": "VCID-rer1-gvnu-g3aq" }, { "vulnerability": "VCID-tkxu-ju7q-sqbn" }, { "vulnerability": "VCID-twye-41tq-hkcw" }, { "vulnerability": "VCID-u7q1-w5yx-bfc3" }, { "vulnerability": "VCID-uw1w-fdz9-yuee" }, { "vulnerability": "VCID-vcbe-7a2z-93aa" }, { "vulnerability": "VCID-wqxy-edrq-qqhj" }, { "vulnerability": "VCID-x1h1-mu7s-dfc4" }, { "vulnerability": "VCID-ys5j-2ms5-6qby" }, { "vulnerability": "VCID-zfag-y22f-cfcp" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@6.7-1" } ], "aliases": [ "CVE-2005-4872" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zmcr-jwyw-qqcr" } ], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/pcre3@6.7-1" }