{"url":"http://public2.vulnerablecode.io/api/packages/89813?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-1?distro=trixie","type":"deb","namespace":"debian","name":"cantata","version":"2.5.0.ds1-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.5.0.ds1-4","latest_non_vulnerable_version":"3.4.0.ds1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62196?format=json","vulnerability_id":"VCID-hssd-4cyk-aygr","summary":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The wrapper script 'mount.cifs.wrapper' uses the shell to forward the arguments to the actual mount.cifs binary. The shell evaluates wildcards (such as in an injected string:/home/../tmp/* string).","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12562","reference_id":"","reference_type":"","scores":[{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59488","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59538","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59541","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59532","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59513","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12562"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12562","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12562"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798","reference_id":"901798","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89818?format=json","purl":"pkg:deb/debian/cantata@2.3.0.ds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.3.0.ds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89815?format=json","purl":"pkg:deb/debian/cantata@2.4.2.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.4.2.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89813?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89817?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89816?format=json","purl":"pkg:deb/debian/cantata@3.4.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@3.4.0.ds1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12562"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hssd-4cyk-aygr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62193?format=json","vulnerability_id":"VCID-urh9-3kxj-bqa1","summary":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. The mount target path check in mounter.cpp `mpOk()` is insufficient. A regular user can consequently mount a CIFS filesystem anywhere (e.g., outside of the /home directory tree) by passing directory traversal sequences such as a home/../usr substring.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12559","reference_id":"","reference_type":"","scores":[{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59908","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59955","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59958","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59949","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.59931","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00383","scoring_system":"epss","scoring_elements":"0.5995","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12559"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12559","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12559"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798","reference_id":"901798","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89818?format=json","purl":"pkg:deb/debian/cantata@2.3.0.ds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.3.0.ds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89815?format=json","purl":"pkg:deb/debian/cantata@2.4.2.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.4.2.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89813?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89817?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89816?format=json","purl":"pkg:deb/debian/cantata@3.4.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@3.4.0.ds1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12559"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-urh9-3kxj-bqa1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62192?format=json","vulnerability_id":"VCID-uu5g-24g5-87cg","summary":"Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7301","reference_id":"","reference_type":"","scores":[{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51911","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51971","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.5198","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51959","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51928","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00283","scoring_system":"epss","scoring_elements":"0.51948","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7301"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89814?format=json","purl":"pkg:deb/debian/cantata@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89815?format=json","purl":"pkg:deb/debian/cantata@2.4.2.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.4.2.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89813?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89817?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89816?format=json","purl":"pkg:deb/debian/cantata@3.4.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@3.4.0.ds1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-7301"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uu5g-24g5-87cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62194?format=json","vulnerability_id":"VCID-wtyp-h5n2-d7cw","summary":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. Arbitrary unmounts can be performed by regular users via directory traversal sequences such as a home/../sys/kernel substring.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12560","reference_id":"","reference_type":"","scores":[{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48786","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48847","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48855","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48837","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48807","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00253","scoring_system":"epss","scoring_elements":"0.48821","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12560"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798","reference_id":"901798","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89818?format=json","purl":"pkg:deb/debian/cantata@2.3.0.ds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.3.0.ds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89815?format=json","purl":"pkg:deb/debian/cantata@2.4.2.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.4.2.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89813?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89817?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89816?format=json","purl":"pkg:deb/debian/cantata@3.4.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@3.4.0.ds1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12560"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wtyp-h5n2-d7cw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62195?format=json","vulnerability_id":"VCID-x1kp-xg4b-97h7","summary":"An issue was discovered in the cantata-mounter D-Bus service in Cantata through 2.3.1. A regular user can inject additional mount options such as file_mode= by manipulating (for example) the domain parameter of the samba URL.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12561","reference_id":"","reference_type":"","scores":[{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57616","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57668","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57676","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57667","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57654","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00348","scoring_system":"epss","scoring_elements":"0.57671","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12561"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798","reference_id":"901798","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901798"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89818?format=json","purl":"pkg:deb/debian/cantata@2.3.0.ds1-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.3.0.ds1-2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89815?format=json","purl":"pkg:deb/debian/cantata@2.4.2.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.4.2.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89813?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89817?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89816?format=json","purl":"pkg:deb/debian/cantata@3.4.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@3.4.0.ds1-1%3Fdistro=trixie"}],"aliases":["CVE-2018-12561"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1kp-xg4b-97h7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62191?format=json","vulnerability_id":"VCID-y27z-fmgc-33dw","summary":"Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server.  NOTE: this vulnerability can be leveraged by remote attackers using CVE-2013-7301.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7300","reference_id":"","reference_type":"","scores":[{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45971","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.4604","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46044","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46023","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.45997","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00231","scoring_system":"epss","scoring_elements":"0.46009","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-7300"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/89814?format=json","purl":"pkg:deb/debian/cantata@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89815?format=json","purl":"pkg:deb/debian/cantata@2.4.2.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.4.2.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89813?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89817?format=json","purl":"pkg:deb/debian/cantata@2.5.0.ds1-4?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-4%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89816?format=json","purl":"pkg:deb/debian/cantata@3.4.0.ds1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@3.4.0.ds1-1%3Fdistro=trixie"}],"aliases":["CVE-2013-7300"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y27z-fmgc-33dw"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/cantata@2.5.0.ds1-1%3Fdistro=trixie"}