{"url":"http://public2.vulnerablecode.io/api/packages/517898?format=json","purl":"pkg:deb/debian/nethack@3.6.1-1","type":"deb","namespace":"debian","name":"nethack","version":"3.6.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.6.7-1","latest_non_vulnerable_version":"3.6.7-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94699?format=json","vulnerability_id":"VCID-345x-asrz-dudn","summary":"In NetHack before 3.6.5, an invalid argument to the -w command line option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5210","reference_id":"","reference_type":"","scores":[{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81765","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.818","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81794","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01554","scoring_system":"epss","scoring_elements":"0.81809","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5210"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510327?format=json","purl":"pkg:deb/debian/nethack@3.6.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqze-77sx-akfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.6-2"}],"aliases":["CVE-2020-5210"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-345x-asrz-dudn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94702?format=json","vulnerability_id":"VCID-4cfu-7ngb-n7ee","summary":"In NetHack before 3.6.5, an invalid extended command in value for the AUTOCOMPLETE configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5211","reference_id":"","reference_type":"","scores":[{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83307","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83309","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83304","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83297","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.8331","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5211"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5211","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5211"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510327?format=json","purl":"pkg:deb/debian/nethack@3.6.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqze-77sx-akfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.6-2"}],"aliases":["CVE-2020-5211"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4cfu-7ngb-n7ee"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94705?format=json","vulnerability_id":"VCID-ehkr-4cvb-2fc7","summary":"In NetHack before 3.6.5, too long of a value for the SYMBOL configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5213","reference_id":"","reference_type":"","scores":[{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83307","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83309","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83304","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83297","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.8331","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5213"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5213","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5213"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510327?format=json","purl":"pkg:deb/debian/nethack@3.6.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqze-77sx-akfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.6-2"}],"aliases":["CVE-2020-5213"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ehkr-4cvb-2fc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94712?format=json","vulnerability_id":"VCID-rbfu-1gwq-bbhc","summary":"In NetHack before 3.6.6, some out-of-bound values for the hilite_status option can be exploited. NetHack 3.6.6 resolves this issue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5254","reference_id":"","reference_type":"","scores":[{"value":"0.09282","scoring_system":"epss","scoring_elements":"0.92893","published_at":"2026-06-04T12:55:00Z"},{"value":"0.09282","scoring_system":"epss","scoring_elements":"0.92904","published_at":"2026-06-09T12:55:00Z"},{"value":"0.09282","scoring_system":"epss","scoring_elements":"0.92901","published_at":"2026-06-06T12:55:00Z"},{"value":"0.09282","scoring_system":"epss","scoring_elements":"0.92896","published_at":"2026-06-07T12:55:00Z"},{"value":"0.09282","scoring_system":"epss","scoring_elements":"0.92894","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5254"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5254","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5254"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953978","reference_id":"953978","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953978"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510327?format=json","purl":"pkg:deb/debian/nethack@3.6.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqze-77sx-akfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.6-2"}],"aliases":["CVE-2020-5254"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rbfu-1gwq-bbhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94697?format=json","vulnerability_id":"VCID-ta67-xzbk-ryej","summary":"NetHack 3.6.x before 3.6.4 is prone to a buffer overflow vulnerability when reading very long lines from configuration files. This affects systems that have NetHack installed suid/sgid, and shared systems that allow users to upload their own configuration files.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19905","reference_id":"","reference_type":"","scores":[{"value":"0.02718","scoring_system":"epss","scoring_elements":"0.86207","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02718","scoring_system":"epss","scoring_elements":"0.86228","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02718","scoring_system":"epss","scoring_elements":"0.86231","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02718","scoring_system":"epss","scoring_elements":"0.86227","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02718","scoring_system":"epss","scoring_elements":"0.86215","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-19905"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19905","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19905"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947005","reference_id":"947005","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947005"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510327?format=json","purl":"pkg:deb/debian/nethack@3.6.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqze-77sx-akfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.6-2"}],"aliases":["CVE-2019-19905"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ta67-xzbk-ryej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94704?format=json","vulnerability_id":"VCID-tj8m-2cg2-cqay","summary":"In NetHack before 3.6.5, an extremely long value for the MENUCOLOR configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5212","reference_id":"","reference_type":"","scores":[{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83307","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83309","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83304","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83297","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.8331","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5212"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5212","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5212"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510327?format=json","purl":"pkg:deb/debian/nethack@3.6.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqze-77sx-akfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.6-2"}],"aliases":["CVE-2020-5212"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tj8m-2cg2-cqay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94698?format=json","vulnerability_id":"VCID-ujqc-4qmv-9qh4","summary":"In NetHack before 3.6.5, unknown options starting with -de and -i can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to influence command line options. Users should upgrade to NetHack 3.6.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5209","reference_id":"","reference_type":"","scores":[{"value":"0.01694","scoring_system":"epss","scoring_elements":"0.82603","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01694","scoring_system":"epss","scoring_elements":"0.82631","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01694","scoring_system":"epss","scoring_elements":"0.8263","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01694","scoring_system":"epss","scoring_elements":"0.82627","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01694","scoring_system":"epss","scoring_elements":"0.82621","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01694","scoring_system":"epss","scoring_elements":"0.82634","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5209"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510327?format=json","purl":"pkg:deb/debian/nethack@3.6.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqze-77sx-akfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.6-2"}],"aliases":["CVE-2020-5209"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujqc-4qmv-9qh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94707?format=json","vulnerability_id":"VCID-vw11-kk8s-nuh3","summary":"In NetHack before 3.6.5, detecting an unknown configuration file option can cause a buffer overflow resulting in a crash or remote code execution/privilege escalation. This vulnerability affects systems that have NetHack installed suid/sgid and shared systems that allow users to upload their own configuration files. Users should upgrade to NetHack 3.6.5.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5214","reference_id":"","reference_type":"","scores":[{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83281","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83307","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83309","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83304","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.83297","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01836","scoring_system":"epss","scoring_elements":"0.8331","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-5214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5214"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/510327?format=json","purl":"pkg:deb/debian/nethack@3.6.6-2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqze-77sx-akfg"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.6-2"}],"aliases":["CVE-2020-5214"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vw11-kk8s-nuh3"}],"fixing_vulnerabilities":[],"risk_score":"0.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nethack@3.6.1-1"}