{"url":"http://public2.vulnerablecode.io/api/packages/88719?format=json","purl":"pkg:rpm/redhat/libgweather@3.28.2-2?arch=el7","type":"rpm","namespace":"redhat","name":"libgweather","version":"3.28.2-2","qualifiers":{"arch":"el7"},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59631?format=json","vulnerability_id":"VCID-1r6u-s1r1-3qhc","summary":"poppler: NULL pointer dereference in Annot.h:AnnotPath::getCoordsLength() allows for denial of service via crafted PDF","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10768.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10768","reference_id":"","reference_type":"","scores":[{"value":"0.01853","scoring_system":"epss","scoring_elements":"0.83332","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10768"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10768","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10768"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576169","reference_id":"1576169","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576169"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3647-1/","reference_id":"USN-3647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3647-1/"}],"fixed_packages":[],"aliases":["CVE-2018-10768"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1r6u-s1r1-3qhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58810?format=json","vulnerability_id":"VCID-1rbh-rtpu-eyg8","summary":"accountsservice: insufficient path check in user_change_icon_file_authorized_cb() in user.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14036.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14036","reference_id":"","reference_type":"","scores":[{"value":"0.01239","scoring_system":"epss","scoring_elements":"0.79551","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-14036"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14036"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601019","reference_id":"1601019","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1601019"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828","reference_id":"903828","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/4616-1/","reference_id":"USN-4616-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4616-1/"},{"reference_url":"https://usn.ubuntu.com/4616-2/","reference_id":"USN-4616-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4616-2/"}],"fixed_packages":[],"aliases":["CVE-2018-14036"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rbh-rtpu-eyg8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59607?format=json","vulnerability_id":"VCID-45xv-dhx7-kbhx","summary":"webkitgtk: memory corruption processing maliciously crafted web content","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4204.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4204.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4204","reference_id":"","reference_type":"","scores":[{"value":"0.03746","scoring_system":"epss","scoring_elements":"0.88213","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4204"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4204","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4204"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577374","reference_id":"1577374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577374"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-4204"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-45xv-dhx7-kbhx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59655?format=json","vulnerability_id":"VCID-9pkq-7yt9-2uej","summary":"libgxps: Stack-based buffer overflow in calling glib in gxps_images_guess_content_type of gcontenttype.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10767.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10767","reference_id":"","reference_type":"","scores":[{"value":"0.00854","scoring_system":"epss","scoring_elements":"0.75255","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10767"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576175","reference_id":"1576175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576175"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898133","reference_id":"898133","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-10767"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9pkq-7yt9-2uej"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59258?format=json","vulnerability_id":"VCID-b1x2-12k4-a3c7","summary":"webkitgtk: Improper TLS certificate verification for WebSocket connections","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11712.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11712","reference_id":"","reference_type":"","scores":[{"value":"0.00216","scoring_system":"epss","scoring_elements":"0.44151","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11712"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588742","reference_id":"1588742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588742"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-11712"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b1x2-12k4-a3c7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58530?format=json","vulnerability_id":"VCID-cx6n-2u5x-budw","summary":"poppler: out of bounds read in pdfunite","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-13988.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13988","reference_id":"","reference_type":"","scores":[{"value":"0.00696","scoring_system":"epss","scoring_elements":"0.72244","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-13988"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13988"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602838","reference_id":"1602838","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1602838"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922","reference_id":"904922","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3757-1/","reference_id":"USN-3757-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3757-1/"}],"fixed_packages":[],"aliases":["CVE-2018-13988"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cx6n-2u5x-budw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62755?format=json","vulnerability_id":"VCID-ef6p-2tvg-73gc","summary":"gdk-pixbuf2: Heap overflow in the gdk_pixbuf__jpeg_image_load_increment function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2862.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-2862.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2862","reference_id":"","reference_type":"","scores":[{"value":"0.04562","scoring_system":"epss","scoring_elements":"0.89369","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-2862"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2862"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488817","reference_id":"1488817","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1488817"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552","reference_id":"874552","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=874552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3418-1/","reference_id":"USN-3418-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3418-1/"}],"fixed_packages":[],"aliases":["CVE-2017-2862"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ef6p-2tvg-73gc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52262?format=json","vulnerability_id":"VCID-fs2r-sc5f-2far","summary":"freetype: a heap-based buffer over-read in T1_Get_Private_Dict in type1/t1parse.c leading to crash","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9381.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9381","reference_id":"","reference_type":"","scores":[{"value":"0.00711","scoring_system":"epss","scoring_elements":"0.72568","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9381"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752788","reference_id":"1752788","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1752788"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4254","reference_id":"RHSA-2019:4254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4254"},{"reference_url":"https://usn.ubuntu.com/4126-2/","reference_id":"USN-4126-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4126-2/"}],"fixed_packages":[],"aliases":["CVE-2015-9381"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fs2r-sc5f-2far"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58936?format=json","vulnerability_id":"VCID-h3mu-4p5g-4bhp","summary":"libsoup: Crash in soup_cookie_jar.c:get_cookies() on empty hostnames","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12910.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12910.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12910","reference_id":"","reference_type":"","scores":[{"value":"0.04538","scoring_system":"epss","scoring_elements":"0.89344","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12910"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12910","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12910"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1597980","reference_id":"1597980","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1597980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3701-1/","reference_id":"USN-3701-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3701-1/"}],"fixed_packages":[],"aliases":["CVE-2018-12910"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3mu-4p5g-4bhp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59618?format=json","vulnerability_id":"VCID-hd5n-h2wm-p3ey","summary":"webkitgtk: memory corruption processing maliciously crafted web content","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4200.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4200.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4200","reference_id":"","reference_type":"","scores":[{"value":"0.40022","scoring_system":"epss","scoring_elements":"0.97399","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4200"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577385","reference_id":"1577385","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577385"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1525","reference_id":"CVE-2018-4200","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1525"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44566.html","reference_id":"CVE-2018-4200","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44566.html"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3640-1/","reference_id":"USN-3640-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3640-1/"}],"fixed_packages":[],"aliases":["CVE-2018-4200"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hd5n-h2wm-p3ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62217?format=json","vulnerability_id":"VCID-j5sh-krcx-yyf3","summary":"poppler: Infinite recursion in fofi/FoFiType1C.cc:FoFiType1C::cvtGlyph() function allows denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-18267.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18267","reference_id":"","reference_type":"","scores":[{"value":"0.00274","scoring_system":"epss","scoring_elements":"0.51039","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-18267"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18267"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578777","reference_id":"1578777","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578777"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357","reference_id":"898357","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898357"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://usn.ubuntu.com/3647-1/","reference_id":"USN-3647-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3647-1/"}],"fixed_packages":[],"aliases":["CVE-2017-18267"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j5sh-krcx-yyf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59674?format=json","vulnerability_id":"VCID-kua2-deqn-hkbf","summary":"libgxps: heap based buffer over read in ft_font_face_hash function of gxps-fonts.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10733.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-10733.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10733","reference_id":"","reference_type":"","scores":[{"value":"0.00799","scoring_system":"epss","scoring_elements":"0.74321","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-10733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10733"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576111","reference_id":"1576111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1576111"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897954","reference_id":"897954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=897954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-10733"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kua2-deqn-hkbf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59254?format=json","vulnerability_id":"VCID-qk36-qax6-m7a9","summary":"webkitgtk: WebSockets don't use system proxy settings","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11713.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-11713.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11713","reference_id":"","reference_type":"","scores":[{"value":"0.00551","scoring_system":"epss","scoring_elements":"0.68285","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-11713"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11713","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11713"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588739","reference_id":"1588739","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1588739"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-11713"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qk36-qax6-m7a9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59625?format=json","vulnerability_id":"VCID-uttj-q7c8-yqbg","summary":"webkitgtk: memory corruption processing maliciously crafted web content","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4121.json","reference_id":"","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-4121.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4121","reference_id":"","reference_type":"","scores":[{"value":"0.3861","scoring_system":"epss","scoring_elements":"0.97318","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-4121"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4121","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-4121"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577387","reference_id":"1577387","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1577387"},{"reference_url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1522","reference_id":"CVE-2018-4121","reference_type":"exploit","scores":[],"url":"https://bugs.chromium.org/p/project-zero/issues/detail?id=1522"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44427.txt","reference_id":"CVE-2018-4121","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/44427.txt"},{"reference_url":"https://security.gentoo.org/glsa/201808-04","reference_id":"GLSA-201808-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201808-04"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"}],"fixed_packages":[],"aliases":["CVE-2018-4121"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uttj-q7c8-yqbg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/52547?format=json","vulnerability_id":"VCID-xk6q-a68x-qka2","summary":"freetype: mishandling ps_parser_skip_PS_token in an FT_New_Memory_Face operation in skip_comment, psaux/psobjs.c, leads to a buffer over-read","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9382.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-9382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9382","reference_id":"","reference_type":"","scores":[{"value":"0.00798","scoring_system":"epss","scoring_elements":"0.74308","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-9382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9382"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763609","reference_id":"1763609","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1763609"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3140","reference_id":"RHSA-2018:3140","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3140"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4254","reference_id":"RHSA-2019:4254","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4254"},{"reference_url":"https://usn.ubuntu.com/4126-2/","reference_id":"USN-4126-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4126-2/"}],"fixed_packages":[],"aliases":["CVE-2015-9382"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xk6q-a68x-qka2"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/libgweather@3.28.2-2%3Farch=el7"}