{"url":"http://public2.vulnerablecode.io/api/packages/94321?format=json","purl":"pkg:deb/debian/lynis@3.1.6-1?distro=trixie","type":"deb","namespace":"debian","name":"lynis","version":"3.1.6-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"0","latest_non_vulnerable_version":"3.1.6-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/218438?format=json","vulnerability_id":"VCID-11mn-ka4x-87d3","summary":"include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3982","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13186","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3982"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94319?format=json","purl":"pkg:deb/debian/lynis@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94320?format=json","purl":"pkg:deb/debian/lynis@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94318?format=json","purl":"pkg:deb/debian/lynis@3.0.8-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.8-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94322?format=json","purl":"pkg:deb/debian/lynis@3.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94321?format=json","purl":"pkg:deb/debian/lynis@3.1.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.6-1%3Fdistro=trixie"}],"aliases":["CVE-2014-3982"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-11mn-ka4x-87d3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206776?format=json","vulnerability_id":"VCID-28gg-2eqa-hfhk","summary":"In CISOfy Lynis 2.x through 2.7.5, the license key can be obtained by looking at the process list when a data upload is being performed. This license can be used to upload data to a central Lynis server. Although no data can be extracted by knowing the license key, it may be possible to upload the data of additional scans.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13033","reference_id":"","reference_type":"","scores":[{"value":"0.00072","scoring_system":"epss","scoring_elements":"0.22067","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-13033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13033","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-13033"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963161","reference_id":"963161","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963161"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94325?format=json","purl":"pkg:deb/debian/lynis@3.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94320?format=json","purl":"pkg:deb/debian/lynis@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94318?format=json","purl":"pkg:deb/debian/lynis@3.0.8-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.8-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94322?format=json","purl":"pkg:deb/debian/lynis@3.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94321?format=json","purl":"pkg:deb/debian/lynis@3.1.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.6-1%3Fdistro=trixie"}],"aliases":["CVE-2019-13033"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-28gg-2eqa-hfhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207710?format=json","vulnerability_id":"VCID-ffv4-wb5a-6bg6","summary":"CISOfy Lynis before 3.0.0 has Incorrect Access Control because of a TOCTOU race condition. The routine to check the log and report file permissions was not working as intended and could be bypassed locally. Because of the race, an unprivileged attacker can set up a log and report file, and control that up to the point where the specific routine is doing its check. After that, the file can be removed, recreated, and used for additional attacks.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13882","reference_id":"","reference_type":"","scores":[{"value":"0.00046","scoring_system":"epss","scoring_elements":"0.1447","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-13882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13882"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94325?format=json","purl":"pkg:deb/debian/lynis@3.0.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94320?format=json","purl":"pkg:deb/debian/lynis@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94318?format=json","purl":"pkg:deb/debian/lynis@3.0.8-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.8-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94322?format=json","purl":"pkg:deb/debian/lynis@3.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94321?format=json","purl":"pkg:deb/debian/lynis@3.1.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.6-1%3Fdistro=trixie"}],"aliases":["CVE-2020-13882"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ffv4-wb5a-6bg6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/197443?format=json","vulnerability_id":"VCID-j2j5-n4vv-kqcm","summary":"arbitrary file overwrite","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8108","reference_id":"","reference_type":"","scores":[{"value":"0.00035","scoring_system":"epss","scoring_elements":"0.10689","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-8108"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8108","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8108"},{"reference_url":"https://security.archlinux.org/ASA-201705-20","reference_id":"ASA-201705-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-20"},{"reference_url":"https://security.archlinux.org/AVG-278","reference_id":"AVG-278","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-278"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94324?format=json","purl":"pkg:deb/debian/lynis@2.5.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@2.5.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94320?format=json","purl":"pkg:deb/debian/lynis@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94318?format=json","purl":"pkg:deb/debian/lynis@3.0.8-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.8-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94322?format=json","purl":"pkg:deb/debian/lynis@3.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94321?format=json","purl":"pkg:deb/debian/lynis@3.1.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.6-1%3Fdistro=trixie"}],"aliases":["CVE-2017-8108"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2j5-n4vv-kqcm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/203449?format=json","vulnerability_id":"VCID-pp13-z3x9-g7ak","summary":"include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3986","reference_id":"","reference_type":"","scores":[{"value":"0.00042","scoring_system":"epss","scoring_elements":"0.13306","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3986"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751083","reference_id":"751083","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=751083"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/94323?format=json","purl":"pkg:deb/debian/lynis@1.5.5-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@1.5.5-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94320?format=json","purl":"pkg:deb/debian/lynis@3.0.2-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.2-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94318?format=json","purl":"pkg:deb/debian/lynis@3.0.8-1.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.0.8-1.1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94322?format=json","purl":"pkg:deb/debian/lynis@3.1.4-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.4-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/94321?format=json","purl":"pkg:deb/debian/lynis@3.1.6-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.6-1%3Fdistro=trixie"}],"aliases":["CVE-2014-3986"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pp13-z3x9-g7ak"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/lynis@3.1.6-1%3Fdistro=trixie"}