{"url":"http://public2.vulnerablecode.io/api/packages/518280?format=json","purl":"pkg:deb/debian/mpack@1.5-5","type":"deb","namespace":"debian","name":"mpack","version":"1.5-5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.6-8","latest_non_vulnerable_version":"1.6-8","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93505?format=json","vulnerability_id":"VCID-3cwg-dvdq-p7dt","summary":"Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1424","reference_id":"","reference_type":"","scores":[{"value":"0.02168","scoring_system":"epss","scoring_elements":"0.84627","published_at":"2026-06-04T12:55:00Z"},{"value":"0.02168","scoring_system":"epss","scoring_elements":"0.84652","published_at":"2026-06-09T12:55:00Z"},{"value":"0.02168","scoring_system":"epss","scoring_elements":"0.84656","published_at":"2026-06-06T12:55:00Z"},{"value":"0.02168","scoring_system":"epss","scoring_elements":"0.84651","published_at":"2026-06-07T12:55:00Z"},{"value":"0.02168","scoring_system":"epss","scoring_elements":"0.84639","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1424"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1424","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1424"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/518282?format=json","purl":"pkg:deb/debian/mpack@1.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j72p-qbfp-suc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpack@1.6-1"}],"aliases":["CVE-2002-1424"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3cwg-dvdq-p7dt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93506?format=json","vulnerability_id":"VCID-6jmp-4r1v-syhg","summary":"Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1425","reference_id":"","reference_type":"","scores":[{"value":"0.01659","scoring_system":"epss","scoring_elements":"0.82394","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01659","scoring_system":"epss","scoring_elements":"0.82421","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01659","scoring_system":"epss","scoring_elements":"0.8242","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01659","scoring_system":"epss","scoring_elements":"0.82419","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01659","scoring_system":"epss","scoring_elements":"0.82412","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01659","scoring_system":"epss","scoring_elements":"0.82426","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2002-1425"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1425","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1425"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/518282?format=json","purl":"pkg:deb/debian/mpack@1.6-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-j72p-qbfp-suc8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpack@1.6-1"}],"aliases":["CVE-2002-1425"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6jmp-4r1v-syhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93508?format=json","vulnerability_id":"VCID-j72p-qbfp-suc8","summary":"mpack 1.6 has information disclosure via eavesdropping on mails sent by other users","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4919","reference_id":"","reference_type":"","scores":[{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81963","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81996","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81997","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81998","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.81991","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01588","scoring_system":"epss","scoring_elements":"0.82006","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4919"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4919","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4919"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655971","reference_id":"655971","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=655971"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/518286?format=json","purl":"pkg:deb/debian/mpack@1.6-8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpack@1.6-8"}],"aliases":["CVE-2011-4919"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j72p-qbfp-suc8"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mpack@1.5-5"}