{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","type":"nuget","namespace":"","name":"libssh2-vc141_xp","version":"1.8.2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51941?format=json","vulnerability_id":"VCID-gpcq-2b5m-tuh4","summary":"Integer Overflow or Wraparound\nIn libssh2 v1.9.0 versions, the SSH_MSG_DISCONNECT logic in packet.c has an integer overflow in a bounds check, enabling an attacker to specify an arbitrary (out-of-bounds) offset for a subsequent memory read. A crafted SSH server may be able to disclose sensitive information or cause a denial of service condition on the client system when a user connects to the server.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17498.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17498.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17498","reference_id":"","reference_type":"","scores":[{"value":"0.0142","scoring_system":"epss","scoring_elements":"0.8093","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17498"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1766898","reference_id":"1766898","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1766898"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943562","reference_id":"943562","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=943562"},{"reference_url":"https://security.archlinux.org/AVG-1690","reference_id":"AVG-1690","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1690"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17498","reference_id":"CVE-2019-17498","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3915","reference_id":"RHSA-2020:3915","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3915"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"}],"fixed_packages":[],"aliases":["CVE-2019-17498"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gpcq-2b5m-tuh4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51667?format=json","vulnerability_id":"VCID-hyw1-xf29-dqg7","summary":"Out-of-bounds Read\nIn libssh2 such as CVE-2019-3855.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13115.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-13115.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13115","reference_id":"","reference_type":"","scores":[{"value":"0.424","scoring_system":"epss","scoring_elements":"0.97525","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731324","reference_id":"1731324","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1731324"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932329","reference_id":"932329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=932329"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13115","reference_id":"CVE-2019-13115","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-13115"}],"fixed_packages":[],"aliases":["CVE-2019-13115"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hyw1-xf29-dqg7"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4149?format=json","vulnerability_id":"VCID-142s-rs1d-3uay","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3859.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3859.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3859","reference_id":"","reference_type":"","scores":[{"value":"0.01176","scoring_system":"epss","scoring_elements":"0.79064","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687307","reference_id":"1687307","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687307"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3859","reference_id":"CVE-2019-3859","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3859"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3859"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-142s-rs1d-3uay"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4145?format=json","vulnerability_id":"VCID-1vfx-ns2r-ckbj","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3863.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3863.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3863","reference_id":"","reference_type":"","scores":[{"value":"0.08613","scoring_system":"epss","scoring_elements":"0.92574","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3863"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687313","reference_id":"1687313","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687313"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3863","reference_id":"CVE-2019-3863","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3863"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0679","reference_id":"RHSA-2019:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1175","reference_id":"RHSA-2019:1175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1652","reference_id":"RHSA-2019:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1791","reference_id":"RHSA-2019:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1943","reference_id":"RHSA-2019:1943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2399","reference_id":"RHSA-2019:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2399"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3863"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1vfx-ns2r-ckbj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4151?format=json","vulnerability_id":"VCID-4k52-4nbg-cucc","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3857.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3857.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3857","reference_id":"","reference_type":"","scores":[{"value":"0.04756","scoring_system":"epss","scoring_elements":"0.89626","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687305","reference_id":"1687305","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687305"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3857","reference_id":"CVE-2019-3857","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3857"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0679","reference_id":"RHSA-2019:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1175","reference_id":"RHSA-2019:1175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1652","reference_id":"RHSA-2019:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1791","reference_id":"RHSA-2019:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1943","reference_id":"RHSA-2019:1943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2399","reference_id":"RHSA-2019:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2399"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3857"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4k52-4nbg-cucc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38086?format=json","vulnerability_id":"VCID-8qt3-a937-xkbc","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nThe diffie_hellman_sha256 function in kex.c in libssh2 improperly truncates secrets to bits, which makes it easier for man-in-the-middle attackers to decrypt or intercept SSH sessions via unspecified vectors, aka a \"bits/bytes confusion bug.\"","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0787.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0787.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0787","reference_id":"","reference_type":"","scores":[{"value":"0.03148","scoring_system":"epss","scoring_elements":"0.87135","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0787"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0787"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1306021","reference_id":"1306021","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1306021"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815662","reference_id":"815662","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=815662"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0787","reference_id":"CVE-2016-0787","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0787"},{"reference_url":"https://security.gentoo.org/glsa/201606-12","reference_id":"GLSA-201606-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0428","reference_id":"RHSA-2016:0428","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0428"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2016-0787"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qt3-a937-xkbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4152?format=json","vulnerability_id":"VCID-8vwp-t486-7fdd","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3856.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3856.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3856","reference_id":"","reference_type":"","scores":[{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89431","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687304","reference_id":"1687304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687304"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3856","reference_id":"CVE-2019-3856","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3856"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0679","reference_id":"RHSA-2019:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1175","reference_id":"RHSA-2019:1175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1652","reference_id":"RHSA-2019:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1791","reference_id":"RHSA-2019:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1943","reference_id":"RHSA-2019:1943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2399","reference_id":"RHSA-2019:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2399"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3856"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8vwp-t486-7fdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37823?format=json","vulnerability_id":"VCID-pgm2-eg5f-zqda","summary":"Improper Input Validation\nThe kex_agree_methods function in libssh2 allows remote servers to cause a denial of service (crash) or have other unspecified impact via crafted length values in an SSH_MSG_KEXINIT packet.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1782.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1782.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1782","reference_id":"","reference_type":"","scores":[{"value":"0.04133","scoring_system":"epss","scoring_elements":"0.8884","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-1782"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1782"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1199511","reference_id":"1199511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1199511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780249","reference_id":"780249","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=780249"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1782","reference_id":"CVE-2015-1782","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-1782"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2140","reference_id":"RHSA-2015:2140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2140"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2015-1782"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pgm2-eg5f-zqda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4146?format=json","vulnerability_id":"VCID-rk2c-3wew-jqhj","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3862.json","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3862","reference_id":"","reference_type":"","scores":[{"value":"0.06559","scoring_system":"epss","scoring_elements":"0.91307","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687312","reference_id":"1687312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687312"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3862","reference_id":"CVE-2019-3862","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3862"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1884","reference_id":"RHSA-2019:1884","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1884"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3862"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rk2c-3wew-jqhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4153?format=json","vulnerability_id":"VCID-x1js-rx88-succ","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3855.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3855.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3855","reference_id":"","reference_type":"","scores":[{"value":"0.16241","scoring_system":"epss","scoring_elements":"0.94941","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687303","reference_id":"1687303","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687303"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3855","reference_id":"CVE-2019-3855","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3855"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:0679","reference_id":"RHSA-2019:0679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:0679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1175","reference_id":"RHSA-2019:1175","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1175"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1652","reference_id":"RHSA-2019:1652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1791","reference_id":"RHSA-2019:1791","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1791"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1943","reference_id":"RHSA-2019:1943","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1943"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2399","reference_id":"RHSA-2019:2399","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2399"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3855"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1js-rx88-succ"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4150?format=json","vulnerability_id":"VCID-y1sy-jvg2-4fbm","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3858.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3858.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3858","reference_id":"","reference_type":"","scores":[{"value":"0.02187","scoring_system":"epss","scoring_elements":"0.84683","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687306","reference_id":"1687306","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687306"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3858","reference_id":"CVE-2019-3858","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3858"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2136","reference_id":"RHSA-2019:2136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3858"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y1sy-jvg2-4fbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4148?format=json","vulnerability_id":"VCID-yhzt-km1q-xkda","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3860.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3860.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3860","reference_id":"","reference_type":"","scores":[{"value":"0.00972","scoring_system":"epss","scoring_elements":"0.76983","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687310","reference_id":"1687310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687310"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3860","reference_id":"CVE-2019-3860","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3860"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3860"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yhzt-km1q-xkda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4147?format=json","vulnerability_id":"VCID-z8rf-ts9e-kyef","summary":"multiple issues","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3861.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3861.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3861","reference_id":"","reference_type":"","scores":[{"value":"0.01534","scoring_system":"epss","scoring_elements":"0.81656","published_at":"2026-06-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3855"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3856"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3857"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3858"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3859"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3861"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3863"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687311","reference_id":"1687311","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1687311"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965","reference_id":"924965","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924965"},{"reference_url":"https://security.archlinux.org/ASA-201903-12","reference_id":"ASA-201903-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201903-12"},{"reference_url":"https://security.archlinux.org/AVG-926","reference_id":"AVG-926","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-926"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3861","reference_id":"CVE-2019-3861","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3861"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2136","reference_id":"RHSA-2019:2136","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2136"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52210?format=json","purl":"pkg:nuget/libssh2-vc141_xp@1.8.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gpcq-2b5m-tuh4"},{"vulnerability":"VCID-hyw1-xf29-dqg7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}],"aliases":["CVE-2019-3861"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z8rf-ts9e-kyef"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libssh2-vc141_xp@1.8.2"}