Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/582262?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "type": "deb", "namespace": "debian", "name": "docker.io", "version": "0", "qualifiers": { "distro": "trixie" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.2.0~dfsg1-1", "latest_non_vulnerable_version": "28.5.2+dfsg4-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81130?format=api", "vulnerability_id": "VCID-14uu-1w2t-ekh2", "summary": "docker: Security regression of CVE-2016-9962 due to inclusion of vulnerable runc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14300.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50168", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50191", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50245", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50237", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50265", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50238", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50227", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50272", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50133", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.5016", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50273", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50247", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.5022", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50225", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.5018", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50097", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50151", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00267", "scoring_system": "epss", "scoring_elements": "0.50179", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00362", "scoring_system": "epss", "scoring_elements": "0.5837", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14300" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848829", "reference_id": "1848829", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848829" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2653", "reference_id": "RHSA-2020:2653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2653" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14300" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-14uu-1w2t-ekh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/52965?format=api", "vulnerability_id": "VCID-2hy3-uwad-mydt", "summary": "Privilege Escalation in Docker\nDocker 1.0.0 uses world-readable and world-writable permissions on the management socket, which allows local users to gain privileges via unspecified vectors.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2014-0820.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2014-0820.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3499.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3499.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3499", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09591", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0925", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09248", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.094", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09452", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09409", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0937", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09282", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09447", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.0952", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.095", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09532", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.093", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09302", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09352", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09264", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09341", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09389", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09372", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09357", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3499" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1111687" }, { "reference_url": "https://github.com/docker/docker/commit/707ef9618b3b26a0534a0af732a22f159eccfaa5", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/commit/707ef9618b3b26a0534a0af732a22f159eccfaa5" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3499", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3499" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2014-0820.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2014-0820.html" }, { "reference_url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3499", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3499" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0820", "reference_id": "RHSA-2014:0820", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0820" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2014-3499", "GHSA-wxj3-qwv4-cvfm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2hy3-uwad-mydt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14029?format=api", "vulnerability_id": "VCID-2ttv-me4k-z7hx", "summary": "Path Traversal in Moby builder\nutil/binfmt_misc/check.go in Builder in Docker Engine before 19.03.9 calls os.OpenFile with a potentially unsafe qemu-check temporary pathname, constructed with an empty first argument in an ioutil.TempDir call.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27534.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-27534.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.7369", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73562", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73572", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73565", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73597", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73609", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73607", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.736", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73625", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73649", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.7361", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73632", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73469", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73478", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.735", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73472", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73508", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73545", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73526", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0077", "scoring_system": "epss", "scoring_elements": "0.73519", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-27534" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921154", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1921154" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/buildkit/pull/1462", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/buildkit/pull/1462" }, { "reference_url": "https://github.com/moby/moby/pull/40877", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby/pull/40877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27534", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27534" }, { "reference_url": "http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://web.archive.org/web/20200530054359/https://docs.docker.com/engine/release-notes" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-27534", "GHSA-6hwg-w5jg-9c6x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2ttv-me4k-z7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81129?format=api", "vulnerability_id": "VCID-5syq-v7xj-zqcv", "summary": "docker: Security regression of CVE-2019-5736 due to inclusion of vulnerable runc", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14298.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-14298.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14298", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32712", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32843", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32879", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32699", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32747", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32774", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32775", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32738", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32751", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32728", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32697", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32546", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.3243", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32347", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32211", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32275", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32285", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32192", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32214", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00132", "scoring_system": "epss", "scoring_elements": "0.32282", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-14298" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848239", "reference_id": "1848239", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1848239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2653", "reference_id": "RHSA-2020:2653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2653" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2020-14298" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "7.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5syq-v7xj-zqcv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85738?format=api", "vulnerability_id": "VCID-9zkj-h3wh-afb6", "summary": "docker: regression of CVE-2014-5277", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1843.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-1843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81322", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81331", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81353", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81352", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.8138", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81385", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81407", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81394", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81386", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81423", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81424", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81425", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81446", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81454", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81458", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81476", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81495", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81517", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81514", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81532", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.01544", "scoring_system": "epss", "scoring_elements": "0.81571", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-1843" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206443", "reference_id": "1206443", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1206443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:0776", "reference_id": "RHSA-2015:0776", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2015:0776" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2015-1843" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9zkj-h3wh-afb6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84964?format=api", "vulnerability_id": "VCID-au62-jayw-u7hx", "summary": "docker: DoS via repeatedly joining and quitting swarm cluster as a node", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6595.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-6595.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6595", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.7073", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70745", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70763", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70739", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70784", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70823", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70807", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70792", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70837", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70843", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.7082", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70873", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70882", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70881", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70864", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70905", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70941", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70906", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70934", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00649", "scoring_system": "epss", "scoring_elements": "0.70987", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-6595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364008", "reference_id": "1364008", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1364008" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-6595" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-au62-jayw-u7hx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17474?format=api", "vulnerability_id": "VCID-evqv-4z17-kkcz", "summary": "NULL Pointer Dereference on moby image history\nmoby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-36620.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.19078", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0006", "scoring_system": "epss", "scoring_elements": "0.1913", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27899", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27984", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27958", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27896", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28055", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28134", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2841", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28371", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28422", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28445", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28429", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28478", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28246", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27993", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.2792", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28521", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28518", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.28477", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-36620" }, { "reference_url": "https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/" } ], "url": "https://gist.github.com/1047524396/f08816669701ab478a265a811d2c89b2" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/" } ], "url": "https://github.com/moby/moby/blob/v26.0.2/daemon/images/image_history.go#L48" }, { "reference_url": "https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-04T17:14:00Z/" } ], "url": "https://github.com/moby/moby/commit/ab570ab3d62038b3d26f96a9bb585d0b6095b9b4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36620", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-36620" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2024-3311", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2024-3311" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329534", "reference_id": "2329534", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2329534" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1703", "reference_id": "RHSA-2025:1703", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1703" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2024-36620", "GHSA-q59j-vv4j-v33c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-evqv-4z17-kkcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/29859?format=api", "vulnerability_id": "VCID-jgyp-7k51-1uda", "summary": "Moby firewalld reload makes published container ports accessible from remote hosts\nMoby is an open source container framework developed by Docker Inc. that is distributed as Docker Engine, Mirantis Container Runtime, and various other downstream projects/products. The Moby daemon component (dockerd), which is developed as [moby/moby](https://github.com/moby/moby) is commonly referred to as Docker, or Docker Engine.\n\nFirewalld is a daemon used by some Linux distributions to provide a dynamically managed firewall. When Firewalld is running, Docker uses its iptables backend to create rules, including rules to isolate containers in one bridge network from containers in other bridge networks.\n\n### Impact\n\nThe iptables rules created by Docker are removed when firewalld is reloaded using, for example \"firewall-cmd --reload\", \"killall -HUP firewalld\", or \"systemctl reload firewalld\".\n\nWhen that happens, Docker must re-create the rules. However, in affected versions of Docker, the iptables rules that prevent packets arriving on a host interface from reaching container addresses are not re-created.\n\nOnce these rules have been removed, a remote host configured with a route to a Docker bridge network can access published ports, even when those ports were only published to a loopback address. Unpublished ports remain inaccessible.\n\nFor example, following a firewalld reload on a Docker host with address `192.168.0.10` and a bridge network with subnet `172.17.0.0/16`, running the following command on another host in the local network will give it access to published ports on container addresses in that network: `ip route add 172.17.0.0/16 via 192.168.0.10`.\n\nContainers running in networks created with `--internal` or equivalent have no access to other networks. Containers that are only connected to these networks remain isolated after a firewalld reload.\n\nWhere Docker Engine is not running in the host's network namespace, it is unaffected. Including, for example, Rootless Mode, and Docker Desktop.\n\n### Patches\n\nMoby releases older than 28.2.0 are not affected. A fix is available in moby release 28.3.3.\n\n### Workarounds\nAfter reloading firewalld, either:\n- Restart the docker daemon,\n- Re-create bridge networks, or\n- Use rootless mode.\n\n### References\nhttps://firewalld.org/\nhttps://firewalld.org/documentation/howto/reload-firewalld.html", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54388.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54388.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54388", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0112", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.0111", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01115", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01122", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01125", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01127", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01128", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.0001", "scoring_system": "epss", "scoring_elements": "0.01069", "published_at": "2026-04-21T12:55:00Z" }, { "value": "6e-05", "scoring_system": "epss", "scoring_elements": "0.00402", "published_at": "2026-04-02T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00484", "published_at": "2026-04-07T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00478", "published_at": "2026-04-13T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00476", "published_at": "2026-04-12T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00479", "published_at": "2026-04-11T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00481", "published_at": "2026-04-08T12:55:00Z" }, { "value": "7e-05", "scoring_system": "epss", "scoring_elements": "0.00486", "published_at": "2026-04-04T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00857", "published_at": "2026-04-16T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00915", "published_at": "2026-04-24T12:55:00Z" }, { "value": "9e-05", "scoring_system": "epss", "scoring_elements": "0.00863", "published_at": "2026-04-18T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-54388" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/moby/moby", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moby/moby" }, { "reference_url": "https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/" } ], "url": "https://github.com/moby/moby/commit/bea959c7b793b32a893820b97c4eadc7c87fabb0" }, { "reference_url": "https://github.com/moby/moby/pull/50506", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/" } ], "url": "https://github.com/moby/moby/pull/50506" }, { "reference_url": "https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-07-30T13:36:54Z/" } ], "url": "https://github.com/moby/moby/security/advisories/GHSA-x4rx-4gw3-53p4" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54388", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" }, { "value": "5.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-54388" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384954", "reference_id": "2384954", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2384954" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2025-54388", "GHSA-x4rx-4gw3-53p4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jgyp-7k51-1uda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36786?format=api", "vulnerability_id": "VCID-vkba-amt4-m7e6", "summary": "Privilege Elevation in runc\nlibcontainer/user/user.go in runC before 0.1.0, as used in Docker before 1.11.2, improperly treats a numeric UID as a potential username, which allows local users to gain privileges via a numeric username in the password file in a container.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-1034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-1034.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2016-2634.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2016-2634.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3697.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3697.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3697", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.179", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17912", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18073", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18127", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17828", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17916", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17976", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17993", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17949", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17842", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17852", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17888", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17796", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17774", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17741", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21012", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21111", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.20881", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.2095", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21037", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00069", "scoring_system": "epss", "scoring_elements": "0.21032", "published_at": "2026-05-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-3697" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3697" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/docker/docker/issues/21436", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/docker/docker/issues/21436" }, { "reference_url": "https://github.com/opencontainers/runc", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc" }, { "reference_url": "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/commit/69af385de62ea68e2e608335cffbb0f4aa3db091" }, { "reference_url": "https://github.com/opencontainers/runc/pull/708", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/pull/708" }, { "reference_url": "https://github.com/opencontainers/runc/releases/tag/v0.1.0", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/opencontainers/runc/releases/tag/v0.1.0" }, { "reference_url": "https://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.opensuse.org/opensuse-updates/2016-05/msg00111.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3697", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-3697" }, { "reference_url": "https://pkg.go.dev/vuln/GO-2021-0070", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://pkg.go.dev/vuln/GO-2021-0070" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-1034.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-1034.html" }, { "reference_url": "https://rhn.redhat.com/errata/RHSA-2016-2634.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rhn.redhat.com/errata/RHSA-2016-2634.html" }, { "reference_url": "https://security.gentoo.org/glsa/201612-28", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201612-28" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329450", "reference_id": "1329450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1329450" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:linuxfoundation:runc:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1034", "reference_id": "RHSA-2016:1034", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1034" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2634", "reference_id": "RHSA-2016:2634", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2634" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-3697", "GHSA-q3j5-32m5-58c2" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vkba-amt4-m7e6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/196754?format=api", "vulnerability_id": "VCID-w4uc-6mvs-u3g7", "summary": "Docker Desktop Community Edition before 2.1.0.1 allows local users to gain privileges by placing a Trojan horse docker-credential-wincred.exe file in %PROGRAMDATA%\\DockerDesktop\\version-bin\\ as a low-privilege user, and then waiting for an admin or service user to authenticate with Docker, restart Docker, or run 'docker login' to force the command.", "references": [ { "reference_url": "http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/" } ], "url": "http://packetstormsecurity.com/files/157404/Docker-Credential-Wincred.exe-Privilege-Escalation.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15752", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97819", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97769", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.978", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97804", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97806", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97808", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97812", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97763", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.9777", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97772", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97781", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97783", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97785", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97787", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97793", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97796", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.49322", "scoring_system": "epss", "scoring_elements": "0.97794", "published_at": "2026-04-26T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-15752" }, { "reference_url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/" } ], "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E" }, { "reference_url": "https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-04T20:14:21Z/" } ], "url": "https://medium.com/%40morgan.henry.roman/elevation-of-privilege-in-docker-for-windows-2fd8450b478e" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15752", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-15752" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:geode:1.12.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "reference_id": "cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:docker:docker:*:*:*:*:community:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/48388.rb", "reference_id": "CVE-2019-15752", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/local/48388.rb" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15752", "reference_id": "CVE-2019-15752", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-15752" }, { "reference_url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/docker_credential_wincred.rb", "reference_id": "CVE-2019-15752", "reference_type": "exploit", "scores": [], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/local/docker_credential_wincred.rb" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2019-15752" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4uc-6mvs-u3g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84822?format=api", "vulnerability_id": "VCID-y6tt-h3zz-ukev", "summary": "docker: Ambient capability usage in containers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8867.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8867.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60214", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.6029", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60283", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60333", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60348", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60369", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60356", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60337", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60378", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60386", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60375", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60346", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60361", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60349", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60307", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60354", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60413", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.6037", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60397", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00395", "scoring_system": "epss", "scoring_elements": "0.60457", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8867" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390163", "reference_id": "1390163", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2653", "reference_id": "RHSA-2020:2653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2653" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/582262?format=api", "purl": "pkg:deb/debian/docker.io@0?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582263?format=api", "purl": "pkg:deb/debian/docker.io@20.10.5%2Bdfsg1-1%2Bdeb11u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-avqu-wswg-c3ga" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-bzeb-kj67-vfds" }, { "vulnerability": "VCID-e82r-vc77-f7bz" }, { "vulnerability": "VCID-njcw-wc13-dqcz" }, { "vulnerability": "VCID-quyf-eq2s-dbda" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.5%252Bdfsg1-1%252Bdeb11u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582264?format=api", "purl": "pkg:deb/debian/docker.io@20.10.24%2Bdfsg1-1%2Bdeb12u1?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1sky-21r5-3qcu" }, { "vulnerability": "VCID-6tg9-3vhh-muae" }, { "vulnerability": "VCID-8e1u-z6kg-ryhc" }, { "vulnerability": "VCID-b2qe-8u58-2qck" }, { "vulnerability": "VCID-njcw-wc13-dqcz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@20.10.24%252Bdfsg1-1%252Bdeb12u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582265?format=api", "purl": "pkg:deb/debian/docker.io@26.1.5%2Bdfsg1-9?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@26.1.5%252Bdfsg1-9%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/582266?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg3-2?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg3-2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/1081511?format=api", "purl": "pkg:deb/debian/docker.io@28.5.2%2Bdfsg4-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@28.5.2%252Bdfsg4-1%3Fdistro=trixie" } ], "aliases": [ "CVE-2016-8867" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y6tt-h3zz-ukev" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/docker.io@0%3Fdistro=trixie" }