Package List
Lookup for vulnerable packages by Package URL.
GET /api/packages/?format=api
{ "count": 1066873, "next": "http://public2.vulnerablecode.io/api/packages/?format=api&page=2", "previous": null, "results": [ { "url": "http://public2.vulnerablecode.io/api/packages/374082?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@1.4.4.4-5", "type": "alpm", "namespace": "archlinux", "name": "389-ds-base", "version": "1.4.4.4-5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.2-1", "latest_non_vulnerable_version": "2.0.7-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80736?format=api", "vulnerability_id": "VCID-pexr-smr8-gbhh", "summary": "389-ds-base: information disclosure during the binding of a DN", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74018", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74091", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74024", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74055", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7407", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565", "reference_id": "1905565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565" }, { "reference_url": "https://security.archlinux.org/AVG-1482", "reference_id": "AVG-1482", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0599", "reference_id": "RHSA-2021:0599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1086", "reference_id": "RHSA-2021:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1243", "reference_id": "RHSA-2021:1243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1258", "reference_id": "RHSA-2021:1258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2323", "reference_id": "RHSA-2021:2323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2323" }, { "reference_url": "https://usn.ubuntu.com/USN-5231-1/", "reference_id": "USN-USN-5231-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5231-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374083?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.2-1" } ], "aliases": [ "CVE-2020-35518" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pexr-smr8-gbhh" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@1.4.4.4-5" }, { "url": "http://public2.vulnerablecode.io/api/packages/374083?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.2-1", "type": "alpm", "namespace": "archlinux", "name": "389-ds-base", "version": "2.0.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.0.7-1", "latest_non_vulnerable_version": "2.0.7-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80736?format=api", "vulnerability_id": "VCID-pexr-smr8-gbhh", "summary": "389-ds-base: information disclosure during the binding of a DN", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35518.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35518", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74018", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74066", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74091", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74073", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74024", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7405", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74021", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.74055", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00801", "scoring_system": "epss", "scoring_elements": "0.7407", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35518" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35518" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565", "reference_id": "1905565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1905565" }, { "reference_url": "https://security.archlinux.org/AVG-1482", "reference_id": "AVG-1482", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1482" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0599", "reference_id": "RHSA-2021:0599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1086", "reference_id": "RHSA-2021:1086", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1086" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1243", "reference_id": "RHSA-2021:1243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1258", "reference_id": "RHSA-2021:1258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2323", "reference_id": "RHSA-2021:2323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2323" }, { "reference_url": "https://usn.ubuntu.com/USN-5231-1/", "reference_id": "USN-USN-5231-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5231-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374083?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.2-1" } ], "aliases": [ "CVE-2020-35518" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pexr-smr8-gbhh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373589?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.3-2", "type": "alpm", "namespace": "archlinux", "name": "389-ds-base", "version": "2.0.3-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.0.7-1", "latest_non_vulnerable_version": "2.0.7-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80468?format=api", "vulnerability_id": "VCID-4tn2-her5-6fe1", "summary": "389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56838", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56948", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56991", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56972", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56932", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56954", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5693", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56981", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56984", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952907", "reference_id": "1952907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952907" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727", "reference_id": "988727", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727" }, { "reference_url": "https://security.archlinux.org/ASA-202107-72", "reference_id": "ASA-202107-72", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-72" }, { "reference_url": "https://security.archlinux.org/AVG-2206", "reference_id": "AVG-2206", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2595", "reference_id": "RHSA-2021:2595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2796", "reference_id": "RHSA-2021:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3955", "reference_id": "RHSA-2021:3955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0952", "reference_id": "RHSA-2022:0952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0952" }, { "reference_url": "https://usn.ubuntu.com/USN-5231-1/", "reference_id": "USN-USN-5231-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5231-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373590?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1" } ], "aliases": [ "CVE-2021-3514" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tn2-her5-6fe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80201?format=api", "vulnerability_id": "VCID-knxk-357y-efhh", "summary": "389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30007", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29999", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30095", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30099", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30056", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3368", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33528", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782", "reference_id": "1982782", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405", "reference_id": "991405", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405" }, { "reference_url": "https://security.archlinux.org/ASA-202107-72", "reference_id": "ASA-202107-72", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-72" }, { "reference_url": "https://security.archlinux.org/AVG-2206", "reference_id": "AVG-2206", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3079", "reference_id": "RHSA-2021:3079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3807", "reference_id": "RHSA-2021:3807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3906", "reference_id": "RHSA-2021:3906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3955", "reference_id": "RHSA-2021:3955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373590?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1" } ], "aliases": [ "CVE-2021-3652" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knxk-357y-efhh" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.3-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373590?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.7-1", "type": "alpm", "namespace": "archlinux", "name": "389-ds-base", "version": "2.0.7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80468?format=api", "vulnerability_id": "VCID-4tn2-her5-6fe1", "summary": "389-ds-base: sync_repl NULL pointer dereference in sync_create_state_control()", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3514.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3514", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56838", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56948", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56991", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56972", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56932", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56954", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5693", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56981", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56984", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3514" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952907", "reference_id": "1952907", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1952907" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727", "reference_id": "988727", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988727" }, { "reference_url": "https://security.archlinux.org/ASA-202107-72", "reference_id": "ASA-202107-72", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-72" }, { "reference_url": "https://security.archlinux.org/AVG-2206", "reference_id": "AVG-2206", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2595", "reference_id": "RHSA-2021:2595", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2595" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2796", "reference_id": "RHSA-2021:2796", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2796" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3955", "reference_id": "RHSA-2021:3955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3955" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0952", "reference_id": "RHSA-2022:0952", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0952" }, { "reference_url": "https://usn.ubuntu.com/USN-5231-1/", "reference_id": "USN-USN-5231-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5231-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373590?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1" } ], "aliases": [ "CVE-2021-3514" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4tn2-her5-6fe1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80201?format=api", "vulnerability_id": "VCID-knxk-357y-efhh", "summary": "389-ds-base: CRYPT password hash with asterisk allows any bind attempt to succeed", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3652.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3652", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30007", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.29999", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30059", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30095", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30099", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00114", "scoring_system": "epss", "scoring_elements": "0.30056", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.3368", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33713", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00138", "scoring_system": "epss", "scoring_elements": "0.33528", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3652" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3652" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782", "reference_id": "1982782", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982782" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405", "reference_id": "991405", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991405" }, { "reference_url": "https://security.archlinux.org/ASA-202107-72", "reference_id": "ASA-202107-72", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-72" }, { "reference_url": "https://security.archlinux.org/AVG-2206", "reference_id": "AVG-2206", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2206" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3079", "reference_id": "RHSA-2021:3079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3807", "reference_id": "RHSA-2021:3807", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3906", "reference_id": "RHSA-2021:3906", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3906" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3955", "reference_id": "RHSA-2021:3955", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373590?format=api", "purl": "pkg:alpm/archlinux/389-ds-base@2.0.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1" } ], "aliases": [ "CVE-2021-3652" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-knxk-357y-efhh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/389-ds-base@2.0.7-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372389?format=api", "purl": "pkg:alpm/archlinux/a2ps@4.14-8", "type": "alpm", "namespace": "archlinux", "name": "a2ps", "version": "4.14-8", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.14-9", "latest_non_vulnerable_version": "4.14-9", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85450?format=api", "vulnerability_id": "VCID-436p-4bjx-7khu", "summary": "a2ps: output_file() format string flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8107.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8107.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82686", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82695", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.8269", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82618", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82645", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82671", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8107" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8107", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8107" }, { "reference_url": "http://seclists.org/oss-sec/2015/q4/284", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2015/q4/284" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/77595", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/77595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283156", "reference_id": "1283156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283156" }, { "reference_url": "https://security.archlinux.org/ASA-202005-4", "reference_id": "ASA-202005-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-4" }, { "reference_url": "https://security.archlinux.org/AVG-1150", "reference_id": "AVG-1150", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1150" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8107", "reference_id": "CVE-2015-8107", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8107" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372390?format=api", "purl": "pkg:alpm/archlinux/a2ps@4.14-9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9" } ], "aliases": [ "CVE-2015-8107" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-436p-4bjx-7khu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31989?format=api", "vulnerability_id": "VCID-jyey-2ny4-akeh", "summary": "A vulnerability in a2ps' fixps script might allow remote attackers\n to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0466.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56874", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56761", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56856", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56905", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56909", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56917", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56897", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082410", "reference_id": "1082410", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082410" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902", "reference_id": "742902", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902" }, { "reference_url": "https://security.archlinux.org/ASA-202005-4", "reference_id": "ASA-202005-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-4" }, { "reference_url": "https://security.archlinux.org/AVG-1150", "reference_id": "AVG-1150", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1150" }, { "reference_url": "https://security.gentoo.org/glsa/201701-67", "reference_id": "GLSA-201701-67", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-67" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372390?format=api", "purl": "pkg:alpm/archlinux/a2ps@4.14-9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9" } ], "aliases": [ "CVE-2014-0466" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyey-2ny4-akeh" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-8" }, { "url": "http://public2.vulnerablecode.io/api/packages/372390?format=api", "purl": "pkg:alpm/archlinux/a2ps@4.14-9", "type": "alpm", "namespace": "archlinux", "name": "a2ps", "version": "4.14-9", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85450?format=api", "vulnerability_id": "VCID-436p-4bjx-7khu", "summary": "a2ps: output_file() format string flaw", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8107.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-8107.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8107", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82686", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82678", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82695", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.8269", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82618", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82635", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82649", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82645", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01778", "scoring_system": "epss", "scoring_elements": "0.82671", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2015-8107" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8107", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8107" }, { "reference_url": "http://seclists.org/oss-sec/2015/q4/284", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2015/q4/284" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.securityfocus.com/bid/77595", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/77595" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283156", "reference_id": "1283156", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1283156" }, { "reference_url": "https://security.archlinux.org/ASA-202005-4", "reference_id": "ASA-202005-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-4" }, { "reference_url": "https://security.archlinux.org/AVG-1150", "reference_id": "AVG-1150", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1150" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:a2ps:4.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8107", "reference_id": "CVE-2015-8107", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-8107" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372390?format=api", "purl": "pkg:alpm/archlinux/a2ps@4.14-9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9" } ], "aliases": [ "CVE-2015-8107" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-436p-4bjx-7khu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31989?format=api", "vulnerability_id": "VCID-jyey-2ny4-akeh", "summary": "A vulnerability in a2ps' fixps script might allow remote attackers\n to execute arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0466.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0466.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0466", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56874", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56761", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56856", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56878", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56854", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56905", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56909", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56917", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00342", "scoring_system": "epss", "scoring_elements": "0.56897", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0466" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1593" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0466" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082410", "reference_id": "1082410", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1082410" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902", "reference_id": "742902", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742902" }, { "reference_url": "https://security.archlinux.org/ASA-202005-4", "reference_id": "ASA-202005-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-4" }, { "reference_url": "https://security.archlinux.org/AVG-1150", "reference_id": "AVG-1150", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1150" }, { "reference_url": "https://security.gentoo.org/glsa/201701-67", "reference_id": "GLSA-201701-67", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-67" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372390?format=api", "purl": "pkg:alpm/archlinux/a2ps@4.14-9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9" } ], "aliases": [ "CVE-2014-0466" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jyey-2ny4-akeh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/a2ps@4.14-9" }, { "url": "http://public2.vulnerablecode.io/api/packages/373088?format=api", "purl": "pkg:alpm/archlinux/ansible@2.2.0.0-1", "type": "alpm", "namespace": "archlinux", "name": "ansible", "version": "2.2.0.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.2.1.0rc5-3", "latest_non_vulnerable_version": "2.10.7-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5724?format=api", "vulnerability_id": "VCID-yc8n-wxb4-1uaz", "summary": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0515", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.8855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88523", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88506", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88499", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:C/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m956-frf4-m2wr", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m956-frf4-m2wr" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201701-77", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-77" }, { "reference_url": "https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352" }, { "reference_url": "https://www.exploit-db.com/exploits/41013", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/41013" }, { "reference_url": "https://www.exploit-db.com/exploits/41013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/41013/" }, { "reference_url": "http://www.securityfocus.com/bid/95352", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404378", "reference_id": "1404378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846", "reference_id": "850846", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846" }, { "reference_url": "https://security.archlinux.org/AVG-137", "reference_id": "AVG-137", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-137" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9587", "reference_id": "CVE-2016-9587", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9587" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt", "reference_id": "CVE-2016-9587;CT-2017-0109", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt" }, { "reference_url": "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt", "reference_id": "CVE-2016-9587;CT-2017-0109", "reference_type": "exploit", "scores": [], "url": "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0195", "reference_id": "RHSA-2017:0195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0260", "reference_id": "RHSA-2017:0260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0260" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373089?format=api", "purl": "pkg:alpm/archlinux/ansible@2.2.1.0rc5-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.1.0rc5-3" } ], "aliases": [ "CVE-2016-9587", "GHSA-m956-frf4-m2wr", "PYSEC-2018-39" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yc8n-wxb4-1uaz" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.0.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373089?format=api", "purl": "pkg:alpm/archlinux/ansible@2.2.1.0rc5-3", "type": "alpm", "namespace": "archlinux", "name": "ansible", "version": "2.2.1.0rc5-3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.10.7-1", "latest_non_vulnerable_version": "2.10.7-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5724?format=api", "vulnerability_id": "VCID-yc8n-wxb4-1uaz", "summary": "Ansible before versions 2.1.4, 2.2.1 is vulnerable to an improper input validation in Ansible's handling of data sent from client systems. An attacker with control over a client system being managed by Ansible and the ability to send facts back to the Ansible server could use this flaw to execute arbitrary code on the Ansible server using the Ansible server privileges.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0195.html" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://rhn.redhat.com/errata/RHSA-2017-0260.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0448", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0515", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:0515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1685", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2017:1685" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9587.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88554", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.8855", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88545", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88527", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88523", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88506", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88499", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04078", "scoring_system": "epss", "scoring_elements": "0.88561", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9587" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9587" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9587" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:C/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-m956-frf4-m2wr", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-m956-frf4-m2wr" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2018-39.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/201701-77", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201701-77" }, { "reference_url": "https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20170115210655/http://www.securityfocus.com/bid/95352" }, { "reference_url": "https://www.exploit-db.com/exploits/41013", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.exploit-db.com/exploits/41013" }, { "reference_url": "https://www.exploit-db.com/exploits/41013/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/41013/" }, { "reference_url": "http://www.securityfocus.com/bid/95352", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95352" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404378", "reference_id": "1404378", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1404378" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846", "reference_id": "850846", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850846" }, { "reference_url": "https://security.archlinux.org/AVG-137", "reference_id": "AVG-137", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-137" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:ansible:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:ansible:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openstack:11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9587", "reference_id": "CVE-2016-9587", "reference_type": "", "scores": [ { "value": "9.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:C/I:C/A:C" }, { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H" }, { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.2", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9587" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt", "reference_id": "CVE-2016-9587;CT-2017-0109", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/41013.txt" }, { "reference_url": "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt", "reference_id": "CVE-2016-9587;CT-2017-0109", "reference_type": "exploit", "scores": [], "url": "https://www.computest.nl/advisories/CT-2017-0109_Ansible.txt" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0195", "reference_id": "RHSA-2017:0195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0260", "reference_id": "RHSA-2017:0260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0260" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373089?format=api", "purl": "pkg:alpm/archlinux/ansible@2.2.1.0rc5-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.1.0rc5-3" } ], "aliases": [ "CVE-2016-9587", "GHSA-m956-frf4-m2wr", "PYSEC-2018-39" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yc8n-wxb4-1uaz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.2.1.0rc5-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374065?format=api", "purl": "pkg:alpm/archlinux/ansible@2.10.5-1", "type": "alpm", "namespace": "archlinux", "name": "ansible", "version": "2.10.5-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.10.7-1", "latest_non_vulnerable_version": "2.10.7-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13372?format=api", "vulnerability_id": "VCID-atun-stks-4kcb", "summary": "Insertion of Sensitive Information into Log File\nA flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11284", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11345", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11339", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11204", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11412", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11208", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915808", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst" }, { "reference_url": "https://github.com/ansible/ansible/pull/73242", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73242" }, { "reference_url": "https://github.com/ansible/ansible/pull/73243", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73243" }, { "reference_url": "https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control" }, { "reference_url": "https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20180", "reference_id": "CVE-2021-20180", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20180" }, { "reference_url": "https://github.com/advisories/GHSA-fh5v-5f35-2rv2", "reference_id": "GHSA-fh5v-5f35-2rv2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh5v-5f35-2rv2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374066?format=api", "purl": "pkg:alpm/archlinux/ansible@2.10.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1" } ], "aliases": [ "CVE-2021-20180", "GHSA-fh5v-5f35-2rv2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atun-stks-4kcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6457?format=api", "vulnerability_id": "VCID-fj2p-7wkh-1fhq", "summary": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13388", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13435", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13471", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13411", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13498", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13448", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13367", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13571", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1351", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes," }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C" }, { "reference_url": "https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general/pull/1635" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635," }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20178" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374066?format=api", "purl": "pkg:alpm/archlinux/ansible@2.10.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1" } ], "aliases": [ "CVE-2021-20178", "GHSA-wv5p-gmmv-wh9v", "PYSEC-2021-106" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fj2p-7wkh-1fhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6459?format=api", "vulnerability_id": "VCID-xw8r-fn6y-mbhp", "summary": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11266", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1121", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11255", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11108", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11243", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11277", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0" }, { "reference_url": "https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc" }, { "reference_url": "https://github.com/ansible/ansible/pull/73488", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73488" }, { "reference_url": "https://github.com/ansible/ansible/pull/73489", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73489" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374066?format=api", "purl": "pkg:alpm/archlinux/ansible@2.10.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1" } ], "aliases": [ "CVE-2021-20191", "GHSA-8f4m-hccc-8qph", "PYSEC-2021-124" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw8r-fn6y-mbhp" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.5-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374066?format=api", "purl": "pkg:alpm/archlinux/ansible@2.10.7-1", "type": "alpm", "namespace": "archlinux", "name": "ansible", "version": "2.10.7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13372?format=api", "vulnerability_id": "VCID-atun-stks-4kcb", "summary": "Insertion of Sensitive Information into Log File\nA flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20180.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11284", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11312", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11345", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11339", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11285", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11204", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11412", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11355", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11208", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20180" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915808", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1915808" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20180" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.8.19/changelogs/CHANGELOG-v2.8.rst" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst" }, { "reference_url": "https://github.com/ansible/ansible/pull/73242", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73242" }, { "reference_url": "https://github.com/ansible/ansible/pull/73243", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73243" }, { "reference_url": "https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/tree/v2.7.18/lib/ansible/modules/source_control" }, { "reference_url": "https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/tree/v2.8.0a1/lib/ansible/modules/source_control" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20180", "reference_id": "CVE-2021-20180", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20180" }, { "reference_url": "https://github.com/advisories/GHSA-fh5v-5f35-2rv2", "reference_id": "GHSA-fh5v-5f35-2rv2", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-fh5v-5f35-2rv2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374066?format=api", "purl": "pkg:alpm/archlinux/ansible@2.10.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1" } ], "aliases": [ "CVE-2021-20180", "GHSA-fh5v-5f35-2rv2" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-atun-stks-4kcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6457?format=api", "vulnerability_id": "VCID-fj2p-7wkh-1fhq", "summary": "A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucket_pipeline_variable module. This flaw allows an attacker to steal bitbucket_pipeline credentials. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20178.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13388", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13435", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13471", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13411", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13498", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13448", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13367", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.13571", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00044", "scoring_system": "epss", "scoring_elements": "0.1351", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20178" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1914774" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20178" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-wv5p-gmmv-wh9v" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes,", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes," }, { "reference_url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/blob/v2.9.18/changelogs/CHANGELOG-v2.9.rst#security-fixes%2C" }, { "reference_url": "https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general/commit/1d0c5e2ba47724c31a18d7b08b9daf13df8829dc" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible-collections/community.general/pull/1635" }, { "reference_url": "https://github.com/ansible-collections/community.general/pull/1635,", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/ansible-collections/community.general/pull/1635," }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-106.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FUQ2QKAQA5OW2TY3ACZZMFIAJ2EQTG37/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIU7QZUV73U6ZQ65VJWSFBTCALVXLH55/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20178", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "7.1", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20178" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374066?format=api", "purl": "pkg:alpm/archlinux/ansible@2.10.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1" } ], "aliases": [ "CVE-2021-20178", "GHSA-wv5p-gmmv-wh9v", "PYSEC-2021-106" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fj2p-7wkh-1fhq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6459?format=api", "vulnerability_id": "VCID-xw8r-fn6y-mbhp", "summary": "A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by no_log feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to data confidentiality. Versions before ansible 2.9.18 are affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20191.json" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/cve-2021-20191" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11217", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11266", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.1121", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11131", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11315", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11255", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11108", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11243", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11277", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-20191" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1916813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20191" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-8f4m-hccc-8qph" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/cc82d986c40328d4ae81298a9d287c95a6326bb0" }, { "reference_url": "https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/d74a1b1d1325af2a24848044cf2858987f5a3ecc" }, { "reference_url": "https://github.com/ansible/ansible/pull/73488", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73488" }, { "reference_url": "https://github.com/ansible/ansible/pull/73489", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/73489" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-124.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-20191" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753", "reference_id": "985753", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985753" }, { "reference_url": "https://security.archlinux.org/ASA-202102-9", "reference_id": "ASA-202102-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202102-9" }, { "reference_url": "https://security.archlinux.org/AVG-1437", "reference_id": "AVG-1437", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1437" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0663", "reference_id": "RHSA-2021:0663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0664", "reference_id": "RHSA-2021:0664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0664" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2180", "reference_id": "RHSA-2021:2180", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2180" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374066?format=api", "purl": "pkg:alpm/archlinux/ansible@2.10.7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1" } ], "aliases": [ "CVE-2021-20191", "GHSA-8f4m-hccc-8qph", "PYSEC-2021-124" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xw8r-fn6y-mbhp" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@2.10.7-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373953?format=api", "purl": "pkg:alpm/archlinux/ansible@3.1.0-1", "type": "alpm", "namespace": "archlinux", "name": "ansible", "version": "3.1.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6304?format=api", "vulnerability_id": "VCID-rsry-fw45-9yev", "summary": "A flaw was found in several ansible modules, where parameters containing credentials, such as secrets, were being logged in plain-text on managed nodes, as well as being made visible on the controller node when run in verbose mode. These parameters were not protected by the no_log feature. An attacker can take advantage of this information to steal those credentials, provided when they have access to the log files containing them. The highest threat from this vulnerability is to data confidentiality. This flaw affects Red Hat Ansible Automation Platform in versions before 1.2.2 and Ansible Tower in versions before 3.8.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3447.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3447", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21842", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.2187", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21967", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21926", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22007", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.22059", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21824", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21899", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00072", "scoring_system": "epss", "scoring_elements": "0.21955", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3447" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939349", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939349" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3447", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3447" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MS4VPUYVLGSAKOX26IT52BSMEZRZ3KS/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JBZ75MAMVQVZROPYHMRDQKPPVASP63DG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RUTGO4RS4ZXZSPBU2CHVPT75IAFVTTL3/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721", "reference_id": "1014721", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014721" }, { "reference_url": "https://security.archlinux.org/AVG-1702", "reference_id": "AVG-1702", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1702" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3447", "reference_id": "CVE-2021-3447", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3447" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1079", "reference_id": "RHSA-2021:1079", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1079" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1342", "reference_id": "RHSA-2021:1342", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1342" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1343", "reference_id": "RHSA-2021:1343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2736", "reference_id": "RHSA-2021:2736", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2736" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2866", "reference_id": "RHSA-2021:2866", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2866" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3447", "PYSEC-2021-107" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsry-fw45-9yev" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@3.1.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373700?format=api", "purl": "pkg:alpm/archlinux/ansible@4.0.0-1", "type": "alpm", "namespace": "archlinux", "name": "ansible", "version": "4.0.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6475?format=api", "vulnerability_id": "VCID-4yvf-k192-9fca", "summary": "A flaw was found in Ansible if an ansible user sets ANSIBLE_ASYNC_DIR to a subdirectory of a world writable directory. When this occurs, there is a race condition on the managed machine. A malicious, non-privileged account on the remote machine can exploit the race condition to access the async result data. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956477" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3533", "reference_id": "CVE-2021-3533", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3533" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3533", "PYSEC-2021-126" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4yvf-k192-9fca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6474?format=api", "vulnerability_id": "VCID-vhv1-9ypf-1bd7", "summary": "A flaw was found in Ansible where the secret information present in async_files are getting disclosed when the user changes the jobdir to a world readable directory. Any secret information in an async status file will be readable by a malicious user on that system. This flaw affects Ansible Tower 3.7 and Ansible Automation Platform 1.2.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3532.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3532.json" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956464", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1956464" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2056", "reference_id": "AVG-2056", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2056" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3532", "PYSEC-2021-125" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vhv1-9ypf-1bd7" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible@4.0.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373574?format=api", "purl": "pkg:alpm/archlinux/ansible-core@2.11.2-1", "type": "alpm", "namespace": "archlinux", "name": "ansible-core", "version": "2.11.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.11.3-1", "latest_non_vulnerable_version": "2.11.3-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6601?format=api", "vulnerability_id": "VCID-axc3-wcsk-q3eg", "summary": "A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54931", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54919", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54804", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5492", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e" }, { "reference_url": "https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847" }, { "reference_url": "https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1" }, { "reference_url": "https://github.com/ansible/ansible/pull/74960", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/74960" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2663", "reference_id": "RHSA-2021:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2664", "reference_id": "RHSA-2021:2664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2664" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373575?format=api", "purl": "pkg:alpm/archlinux/ansible-core@2.11.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.3-1" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373575?format=api", "purl": "pkg:alpm/archlinux/ansible-core@2.11.3-1", "type": "alpm", "namespace": "archlinux", "name": "ansible-core", "version": "2.11.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6601?format=api", "vulnerability_id": "VCID-axc3-wcsk-q3eg", "summary": "A flaw was found in Ansible, where a user's controller is vulnerable to template injection. This issue can occur through facts used in the template if the user is trying to put templates in multi-line YAML strings and the facts being handled do not routinely include special template characters. This flaw allows attackers to perform command injection, which discloses sensitive information. The highest threat from this vulnerability is to confidentiality and integrity.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3583.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54913", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54931", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54919", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54804", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5487", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54901", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.54875", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00319", "scoring_system": "epss", "scoring_elements": "0.5492", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3583" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968412" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3583" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-2pfh-q76x-gwvm" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/03aff644cc1c00e1f7551195c68fbd0d13a39e6e" }, { "reference_url": "https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8aa850e3573e48c9a2f12aef84e8a3a6f5ba4847" }, { "reference_url": "https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/commit/8b17e5b9229ffaecfe10a4881bc3f87dd2c184e1" }, { "reference_url": "https://github.com/ansible/ansible/pull/74960", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible/pull/74960" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2021-358.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://security.archlinux.org/AVG-2260", "reference_id": "AVG-2260", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2260" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583", "reference_id": "CVE-2021-3583", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "8.6", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3583" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2663", "reference_id": "RHSA-2021:2663", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2663" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2664", "reference_id": "RHSA-2021:2664", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2664" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373575?format=api", "purl": "pkg:alpm/archlinux/ansible-core@2.11.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.3-1" } ], "aliases": [ "CVE-2021-3583", "GHSA-2pfh-q76x-gwvm", "PYSEC-2021-358" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-axc3-wcsk-q3eg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.11.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/370978?format=api", "purl": "pkg:alpm/archlinux/ansible-core@2.12.1-1", "type": "alpm", "namespace": "archlinux", "name": "ansible-core", "version": "2.12.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80116?format=api", "vulnerability_id": "VCID-65k9-7a9y-cuaw", "summary": "ansible: Secrets leakage vulnerability with ansible collections and ansible galaxy", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3681.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3681.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13156", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1314", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13229", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13192", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13265", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1333", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13128", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13209", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.1326", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3681" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989407", "reference_id": "1989407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1989407" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3681" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65k9-7a9y-cuaw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/8498?format=api", "vulnerability_id": "VCID-geaa-6dxx-tbcw", "summary": "A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3871", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:3871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3872", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:3872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3874", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:3874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4703", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:4703" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4750", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2021:4750" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3620.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2021-3620", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2021-3620" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3620", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52409", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52437", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52402", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52455", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52364", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.525", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52484", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52468", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0029", "scoring_system": "epss", "scoring_elements": "0.52449", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3620" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3620", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3620" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4r65-35qq-ch8j" }, { "reference_url": "https://github.com/ansible/ansible", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/ansible/ansible" }, { "reference_url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/" } ], "url": "https://github.com/ansible/ansible/blob/stable-2.9/changelogs/CHANGELOG-v2.9.rst#security-fixes" }, { "reference_url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/" } ], "url": "https://github.com/ansible/ansible/commit/fe28767970c8ec62aabe493c46b53a5de1e5fac0" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/ansible/PYSEC-2022-164.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:25Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00018.html" }, { "reference_url": "https://security.archlinux.org/AVG-1941", "reference_id": "AVG-1941", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1941" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620", "reference_id": "CVE-2021-3620", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "6.8", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3620" }, { "reference_url": "https://usn.ubuntu.com/USN-5315-1/", "reference_id": "USN-USN-5315-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-5315-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3620", "GHSA-4r65-35qq-ch8j", "PYSEC-2022-164" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-geaa-6dxx-tbcw" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ansible-core@2.12.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374242?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.7-1", "type": "alpm", "namespace": "archlinux", "name": "ant", "version": "1.10.7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.10.9-1", "latest_non_vulnerable_version": "1.10.11-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32534?format=api", "vulnerability_id": "VCID-53z5-f3xj-z7bf", "summary": "Sensitive Data Exposure in Apache Ant\nApache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04955", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04957", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04921", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04936", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04918", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05432", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05501", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05467", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945" }, { "reference_url": "https://security.gentoo.org/glsa/202007-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202007-34" }, { "reference_url": "https://usn.ubuntu.com/4380-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4380-1" }, { "reference_url": "https://usn.ubuntu.com/4380-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4380-1/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/09/30/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/06/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444", "reference_id": "1837444", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630", "reference_id": "960630", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630" }, { "reference_url": "https://security.archlinux.org/ASA-202005-15", "reference_id": "ASA-202005-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-15" }, { "reference_url": "https://security.archlinux.org/AVG-1159", "reference_id": "AVG-1159", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1159" }, { "reference_url": "https://github.com/advisories/GHSA-4p6w-m9wc-c9c9", "reference_id": "GHSA-4p6w-m9wc-c9c9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p6w-m9wc-c9c9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2618", "reference_id": "RHSA-2020:2618", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4960", "reference_id": "RHSA-2020:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4961", "reference_id": "RHSA-2020:4961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0423", "reference_id": "RHSA-2021:0423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0429", "reference_id": "RHSA-2021:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0429" }, { "reference_url": "https://usn.ubuntu.com/USN-4874-1/", "reference_id": "USN-USN-4874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374193?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.8-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-unby-h128-v3bk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.8-1" } ], "aliases": [ "CVE-2020-1945", "GHSA-4p6w-m9wc-c9c9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53z5-f3xj-z7bf" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.7-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374193?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.8-1", "type": "alpm", "namespace": "archlinux", "name": "ant", "version": "1.10.8-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.10.9-1", "latest_non_vulnerable_version": "1.10.11-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37476?format=api", "vulnerability_id": "VCID-unby-h128-v3bk", "summary": "Code injection in Apache Ant\nAs mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78098", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78077", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78081", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78238", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78233", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78186", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/ant", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/ant" }, { "reference_url": "https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428" }, { "reference_url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm" }, { "reference_url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979" }, { "reference_url": "https://security.gentoo.org/glsa/202011-18", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202011-18" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702", "reference_id": "1903702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612", "reference_id": "971612", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612" }, { "reference_url": "https://security.archlinux.org/ASA-202012-5", "reference_id": "ASA-202012-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-5" }, { "reference_url": "https://security.archlinux.org/AVG-1312", "reference_id": "AVG-1312", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1312" }, { "reference_url": "https://github.com/advisories/GHSA-f62v-xpxf-3v68", "reference_id": "GHSA-f62v-xpxf-3v68", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f62v-xpxf-3v68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0423", "reference_id": "RHSA-2021:0423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0429", "reference_id": "RHSA-2021:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374194?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.9-1" } ], "aliases": [ "CVE-2020-11979", "GHSA-f62v-xpxf-3v68", "GHSA-j45w-qrgf-25vm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-unby-h128-v3bk" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32534?format=api", "vulnerability_id": "VCID-53z5-f3xj-z7bf", "summary": "Sensitive Data Exposure in Apache Ant\nApache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1945.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1945", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04955", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04957", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04921", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04936", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.04918", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05432", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05501", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.05467", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1945" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1945" }, { "reference_url": "https://security.gentoo.org/glsa/202007-34", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202007-34" }, { "reference_url": "https://usn.ubuntu.com/4380-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/4380-1" }, { "reference_url": "https://usn.ubuntu.com/4380-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4380-1/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/09/30/6", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/12/06/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444", "reference_id": "1837444", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1837444" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630", "reference_id": "960630", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=960630" }, { "reference_url": "https://security.archlinux.org/ASA-202005-15", "reference_id": "ASA-202005-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202005-15" }, { "reference_url": "https://security.archlinux.org/AVG-1159", "reference_id": "AVG-1159", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1159" }, { "reference_url": "https://github.com/advisories/GHSA-4p6w-m9wc-c9c9", "reference_id": "GHSA-4p6w-m9wc-c9c9", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4p6w-m9wc-c9c9" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2618", "reference_id": "RHSA-2020:2618", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2618" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4960", "reference_id": "RHSA-2020:4960", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4960" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4961", "reference_id": "RHSA-2020:4961", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4961" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0423", "reference_id": "RHSA-2021:0423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0429", "reference_id": "RHSA-2021:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0429" }, { "reference_url": "https://usn.ubuntu.com/USN-4874-1/", "reference_id": "USN-USN-4874-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/USN-4874-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374193?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.8-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-unby-h128-v3bk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.8-1" } ], "aliases": [ "CVE-2020-1945", "GHSA-4p6w-m9wc-c9c9" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53z5-f3xj-z7bf" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.8-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374194?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.9-1", "type": "alpm", "namespace": "archlinux", "name": "ant", "version": "1.10.9-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1.10.11-1", "latest_non_vulnerable_version": "1.10.11-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37476?format=api", "vulnerability_id": "VCID-unby-h128-v3bk", "summary": "Code injection in Apache Ant\nAs mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the current user was allowed to access them. Unfortunately the fixcrlf task deleted the temporary file and created a new one without said protection, effectively nullifying the effort. This would still allow an attacker to inject modified source files into the build process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-11979.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11979", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78098", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78077", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01104", "scoring_system": "epss", "scoring_elements": "0.78081", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78224", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78194", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78238", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78233", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0112", "scoring_system": "epss", "scoring_elements": "0.78186", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11979" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/ant", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/ant" }, { "reference_url": "https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/ant/commit/87ac51d3c22bcf7cfd0dc07cb0bd04a496e0d428" }, { "reference_url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/gradle/gradle/security/advisories/GHSA-j45w-qrgf-25vm" }, { "reference_url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/AALW42FWNQ35F7KB3JVRC6NBVV7AAYYI" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DYBRN5C2RW7JRY75IB7Q7ZVKZCHWAQWS" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U3NRQQ7ECII4ZNGW7GBC225LVYMPQEKB" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11979" }, { "reference_url": "https://security.gentoo.org/glsa/202011-18", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/202011-18" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702", "reference_id": "1903702", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1903702" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612", "reference_id": "971612", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=971612" }, { "reference_url": "https://security.archlinux.org/ASA-202012-5", "reference_id": "ASA-202012-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202012-5" }, { "reference_url": "https://security.archlinux.org/AVG-1312", "reference_id": "AVG-1312", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1312" }, { "reference_url": "https://github.com/advisories/GHSA-f62v-xpxf-3v68", "reference_id": "GHSA-f62v-xpxf-3v68", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f62v-xpxf-3v68" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0423", "reference_id": "RHSA-2021:0423", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0423" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0429", "reference_id": "RHSA-2021:0429", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0429" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374194?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.9-1" } ], "aliases": [ "CVE-2020-11979", "GHSA-f62v-xpxf-3v68", "GHSA-j45w-qrgf-25vm" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-unby-h128-v3bk" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.9-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374777?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.10-1", "type": "alpm", "namespace": "archlinux", "name": "ant", "version": "1.10.10-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.10.11-1", "latest_non_vulnerable_version": "1.10.11-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10910?format=api", "vulnerability_id": "VCID-2a6z-dfqf-5ycb", "summary": "Uncontrolled Resource Consumption\nWhen reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36373.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36373.json" }, { "reference_url": "https://ant.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ant.apache.org/security.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24348", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2433", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24287", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24279", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24406", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24438", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28248", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210819-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210819-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210819-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210819-0007/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982336", "reference_id": "1982336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982336" }, { "reference_url": "https://security.archlinux.org/ASA-202107-43", "reference_id": "ASA-202107-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-43" }, { "reference_url": "https://security.archlinux.org/AVG-2151", "reference_id": "AVG-2151", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2151" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36373", "reference_id": "CVE-2021-36373", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36373" }, { "reference_url": "https://github.com/advisories/GHSA-q5r4-cfpx-h6fh", "reference_id": "GHSA-q5r4-cfpx-h6fh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5r4-cfpx-h6fh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5903", "reference_id": "RHSA-2022:5903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5903" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374778?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.11-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1" } ], "aliases": [ "CVE-2021-36373", "GHSA-q5r4-cfpx-h6fh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2a6z-dfqf-5ycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10909?format=api", "vulnerability_id": "VCID-6uzy-57uy-zkfw", "summary": "Uncontrolled Resource Consumption\nWhen reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36374.json" }, { "reference_url": "https://ant.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ant.apache.org/security.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2984", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29875", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29884", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29966", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29919", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3421", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210819-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210819-0007" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982331", "reference_id": "1982331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982331" }, { "reference_url": "https://security.archlinux.org/ASA-202107-43", "reference_id": "ASA-202107-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-43" }, { "reference_url": "https://security.archlinux.org/AVG-2151", "reference_id": "AVG-2151", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2151" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36374", "reference_id": "CVE-2021-36374", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36374" }, { "reference_url": "https://github.com/advisories/GHSA-5v34-g2px-j4fw", "reference_id": "GHSA-5v34-g2px-j4fw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v34-g2px-j4fw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374778?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.11-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1" } ], "aliases": [ "CVE-2021-36374", "GHSA-5v34-g2px-j4fw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6uzy-57uy-zkfw" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.10-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374778?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.11-1", "type": "alpm", "namespace": "archlinux", "name": "ant", "version": "1.10.11-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10910?format=api", "vulnerability_id": "VCID-2a6z-dfqf-5ycb", "summary": "Uncontrolled Resource Consumption\nWhen reading a specially crafted TAR archive an Apache Ant build can be made to allocate large amounts of memory that finally leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36373.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36373.json" }, { "reference_url": "https://ant.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ant.apache.org/security.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36373", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24348", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.2433", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24287", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24279", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24406", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24438", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28306", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28248", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36373" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36373" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r54afdab05e01de970649c2d91a993f68a6b00cd73e6e34e16c832d46%40%3Cuser.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210819-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210819-0007" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210819-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210819-0007/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982336", "reference_id": "1982336", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982336" }, { "reference_url": "https://security.archlinux.org/ASA-202107-43", "reference_id": "ASA-202107-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-43" }, { "reference_url": "https://security.archlinux.org/AVG-2151", "reference_id": "AVG-2151", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2151" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36373", "reference_id": "CVE-2021-36373", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36373" }, { "reference_url": "https://github.com/advisories/GHSA-q5r4-cfpx-h6fh", "reference_id": "GHSA-q5r4-cfpx-h6fh", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-q5r4-cfpx-h6fh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5903", "reference_id": "RHSA-2022:5903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5903" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374778?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.11-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1" } ], "aliases": [ "CVE-2021-36373", "GHSA-q5r4-cfpx-h6fh" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2a6z-dfqf-5ycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10909?format=api", "vulnerability_id": "VCID-6uzy-57uy-zkfw", "summary": "Uncontrolled Resource Consumption\nWhen reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36374.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36374.json" }, { "reference_url": "https://ant.apache.org/security.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://ant.apache.org/security.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36374", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.2984", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29875", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29884", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29876", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29966", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00113", "scoring_system": "epss", "scoring_elements": "0.29919", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.34234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0014", "scoring_system": "epss", "scoring_elements": "0.3421", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36374" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36374" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3Ccommits.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3Cnotifications.groovy.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3Cuser.ant.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3Cdev.myfaces.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210819-0007", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.netapp.com/advisory/ntap-20210819-0007" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982331", "reference_id": "1982331", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1982331" }, { "reference_url": "https://security.archlinux.org/ASA-202107-43", "reference_id": "ASA-202107-43", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-43" }, { "reference_url": "https://security.archlinux.org/AVG-2151", "reference_id": "AVG-2151", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2151" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36374", "reference_id": "CVE-2021-36374", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36374" }, { "reference_url": "https://github.com/advisories/GHSA-5v34-g2px-j4fw", "reference_id": "GHSA-5v34-g2px-j4fw", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-5v34-g2px-j4fw" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374778?format=api", "purl": "pkg:alpm/archlinux/ant@1.10.11-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1" } ], "aliases": [ "CVE-2021-36374", "GHSA-5v34-g2px-j4fw" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6uzy-57uy-zkfw" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ant@1.10.11-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373724?format=api", "purl": "pkg:alpm/archlinux/aom@3.0.0-2", "type": "alpm", "namespace": "archlinux", "name": "aom", "version": "3.0.0-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.1.0-1", "latest_non_vulnerable_version": "3.2.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34149?format=api", "vulnerability_id": "VCID-42kw-yczz-q7f9", "summary": "Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.3855", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38496", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38632", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38656", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38519", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.3857", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38589", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-1925", "reference_id": "AVG-1925", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1925" }, { "reference_url": "https://security.gentoo.org/glsa/202401-32", "reference_id": "GLSA-202401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-32" }, { "reference_url": "https://usn.ubuntu.com/6447-1/", "reference_id": "USN-6447-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6447-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373725?format=api", "purl": "pkg:alpm/archlinux/aom@3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1" } ], "aliases": [ "CVE-2021-30474" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42kw-yczz-q7f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34148?format=api", "vulnerability_id": "VCID-ytsf-k9ep-17h3", "summary": "Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48017", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47949", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47988", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48009", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47958", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48011", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48029", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988211", "reference_id": "988211", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988211" }, { "reference_url": "https://security.archlinux.org/AVG-1925", "reference_id": "AVG-1925", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1925" }, { "reference_url": "https://security.gentoo.org/glsa/202401-32", "reference_id": "GLSA-202401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-32" }, { "reference_url": "https://usn.ubuntu.com/6447-1/", "reference_id": "USN-6447-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6447-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373725?format=api", "purl": "pkg:alpm/archlinux/aom@3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1" } ], "aliases": [ "CVE-2021-30473" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytsf-k9ep-17h3" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.0.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373725?format=api", "purl": "pkg:alpm/archlinux/aom@3.1.0-1", "type": "alpm", "namespace": "archlinux", "name": "aom", "version": "3.1.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.2.0-1", "latest_non_vulnerable_version": "3.2.0-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34149?format=api", "vulnerability_id": "VCID-42kw-yczz-q7f9", "summary": "Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30474", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38524", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.3855", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38496", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38632", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38656", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38519", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.3857", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38578", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00172", "scoring_system": "epss", "scoring_elements": "0.38589", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-1925", "reference_id": "AVG-1925", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1925" }, { "reference_url": "https://security.gentoo.org/glsa/202401-32", "reference_id": "GLSA-202401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-32" }, { "reference_url": "https://usn.ubuntu.com/6447-1/", "reference_id": "USN-6447-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6447-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373725?format=api", "purl": "pkg:alpm/archlinux/aom@3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1" } ], "aliases": [ "CVE-2021-30474" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-42kw-yczz-q7f9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34148?format=api", "vulnerability_id": "VCID-ytsf-k9ep-17h3", "summary": "Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30473", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48017", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48006", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47949", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47988", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48009", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.47958", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48011", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48005", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00247", "scoring_system": "epss", "scoring_elements": "0.48029", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988211", "reference_id": "988211", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=988211" }, { "reference_url": "https://security.archlinux.org/AVG-1925", "reference_id": "AVG-1925", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1925" }, { "reference_url": "https://security.gentoo.org/glsa/202401-32", "reference_id": "GLSA-202401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-32" }, { "reference_url": "https://usn.ubuntu.com/6447-1/", "reference_id": "USN-6447-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6447-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373725?format=api", "purl": "pkg:alpm/archlinux/aom@3.1.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1" } ], "aliases": [ "CVE-2021-30473" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ytsf-k9ep-17h3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373404?format=api", "purl": "pkg:alpm/archlinux/aom@3.1.3-2", "type": "alpm", "namespace": "archlinux", "name": "aom", "version": "3.1.3-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.0-1", "latest_non_vulnerable_version": "3.2.0-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34150?format=api", "vulnerability_id": "VCID-ed5k-acd1-27hn", "summary": "Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43753", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4377", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43794", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43727", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43781", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43801", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2039", "reference_id": "AVG-2039", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2039" }, { "reference_url": "https://security.gentoo.org/glsa/202401-32", "reference_id": "GLSA-202401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-32" }, { "reference_url": "https://usn.ubuntu.com/6447-1/", "reference_id": "USN-6447-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6447-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373405?format=api", "purl": "pkg:alpm/archlinux/aom@3.2.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.2.0-1" } ], "aliases": [ "CVE-2021-30475" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed5k-acd1-27hn" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.1.3-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373405?format=api", "purl": "pkg:alpm/archlinux/aom@3.2.0-1", "type": "alpm", "namespace": "archlinux", "name": "aom", "version": "3.2.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34150?format=api", "vulnerability_id": "VCID-ed5k-acd1-27hn", "summary": "Multiple vulnerabilities have been discovered in libaom, the worst of which can lead to remote code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30475", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43753", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43769", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.4377", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43794", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43727", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43781", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00212", "scoring_system": "epss", "scoring_elements": "0.43801", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30475" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36130" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30473" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30474" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30475" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.archlinux.org/AVG-2039", "reference_id": "AVG-2039", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2039" }, { "reference_url": "https://security.gentoo.org/glsa/202401-32", "reference_id": "GLSA-202401-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202401-32" }, { "reference_url": "https://usn.ubuntu.com/6447-1/", "reference_id": "USN-6447-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6447-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373405?format=api", "purl": "pkg:alpm/archlinux/aom@3.2.0-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.2.0-1" } ], "aliases": [ "CVE-2021-30475" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ed5k-acd1-27hn" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aom@3.2.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372977?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.25-3", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.25-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.26-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3769?format=api", "vulnerability_id": "VCID-1189-ej89-hybs", "summary": "mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96968", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96996", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96991", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96994", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.9698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96982", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197", "reference_id": "1463197", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-3169.json", "reference_id": "CVE-2017-3169", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-3169.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-3169" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3772?format=api", "vulnerability_id": "VCID-fyrq-yg2u-jkc7", "summary": "mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30062", "scoring_system": "epss", "scoring_elements": "0.96661", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96725", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.9673", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96739", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96742", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96726", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207", "reference_id": "1463207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7679.json", "reference_id": "CVE-2017-7679", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7679.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-7679" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3768?format=api", "vulnerability_id": "VCID-qayj-kts9-3fde", "summary": "Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93162", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93187", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.9319", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93176", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93174", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194", "reference_id": "1463194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-3167.json", "reference_id": "CVE-2017-3167", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-3167.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-3167" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3771?format=api", "vulnerability_id": "VCID-twj7-4qwm-2khv", "summary": "The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98519", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.9853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98523", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98524", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205", "reference_id": "1463205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7668.json", "reference_id": "CVE-2017-7668", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7668.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-7668" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twj7-4qwm-2khv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3770?format=api", "vulnerability_id": "VCID-wshe-gf99-tbg6", "summary": "A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97235", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.9722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.9723", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97234", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97219", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7659" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463199", "reference_id": "1463199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463199" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7659.json", "reference_id": "CVE-2017-7659", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7659.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-7659" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wshe-gf99-tbg6" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.25-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.26-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.27-2", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3769?format=api", "vulnerability_id": "VCID-1189-ej89-hybs", "summary": "mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3169.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96968", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96996", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96991", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96992", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96994", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96976", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.9698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.34517", "scoring_system": "epss", "scoring_elements": "0.96982", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197", "reference_id": "1463197", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463197" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-3169.json", "reference_id": "CVE-2017-3169", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-3169.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-3169" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1189-ej89-hybs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3772?format=api", "vulnerability_id": "VCID-fyrq-yg2u-jkc7", "summary": "mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7679.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.30062", "scoring_system": "epss", "scoring_elements": "0.96661", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96725", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96715", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.9673", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96738", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96739", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96742", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.31057", "scoring_system": "epss", "scoring_elements": "0.96726", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7679" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207", "reference_id": "1463207", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463207" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7679.json", "reference_id": "CVE-2017-7679", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7679.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-7679" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fyrq-yg2u-jkc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3768?format=api", "vulnerability_id": "VCID-qayj-kts9-3fde", "summary": "Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response, to avoid incorrectly authenticating the current request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3167.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93162", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93191", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93183", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93187", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93192", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.9319", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93172", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93176", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10349", "scoring_system": "epss", "scoring_elements": "0.93174", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194", "reference_id": "1463194", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463194" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-3167.json", "reference_id": "CVE-2017-3167", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-3167.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-3167" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qayj-kts9-3fde" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3771?format=api", "vulnerability_id": "VCID-twj7-4qwm-2khv", "summary": "The HTTP strict parsing changes added in 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7668.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98519", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.9853", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98527", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98529", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98521", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98523", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.66384", "scoring_system": "epss", "scoring_elements": "0.98524", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3167" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7668" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7679" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205", "reference_id": "1463205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463205" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7668.json", "reference_id": "CVE-2017-7668", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7668.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://usn.ubuntu.com/3340-1/", "reference_id": "USN-3340-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3340-1/" }, { "reference_url": "https://usn.ubuntu.com/3373-1/", "reference_id": "USN-3373-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3373-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-7668" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-twj7-4qwm-2khv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3770?format=api", "vulnerability_id": "VCID-wshe-gf99-tbg6", "summary": "A maliciously constructed HTTP/2 request could cause mod_http2 to dereference a NULL pointer and crash the server process.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7659.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7659", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97235", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.9722", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.9723", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97231", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97234", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97213", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38383", "scoring_system": "epss", "scoring_elements": "0.97219", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7659" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7659" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463199", "reference_id": "1463199", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1463199" }, { "reference_url": "https://security.archlinux.org/ASA-201706-34", "reference_id": "ASA-201706-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-34" }, { "reference_url": "https://security.archlinux.org/AVG-316", "reference_id": "AVG-316", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-316" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-7659.json", "reference_id": "CVE-2017-7659", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-7659.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372978?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" } ], "aliases": [ "CVE-2017-7659" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wshe-gf99-tbg6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371537?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.26-3", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.26-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.27-2", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3773?format=api", "vulnerability_id": "VCID-jt89-ruvk-1kbj", "summary": "The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97921", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97934", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97941", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97942", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97924", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97929", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748", "reference_id": "1470748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467", "reference_id": "868467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467" }, { "reference_url": "https://security.archlinux.org/ASA-201707-15", "reference_id": "ASA-201707-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-15" }, { "reference_url": "https://security.archlinux.org/AVG-350", "reference_id": "AVG-350", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-350" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9788.json", "reference_id": "CVE-2017-9788", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9788.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2708", "reference_id": "RHSA-2017:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2709", "reference_id": "RHSA-2017:2709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2710", "reference_id": "RHSA-2017:2710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3240", "reference_id": "RHSA-2017:3240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "reference_url": "https://usn.ubuntu.com/3370-1/", "reference_id": "USN-3370-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3370-1/" }, { "reference_url": "https://usn.ubuntu.com/3370-2/", "reference_id": "USN-3370-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3370-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371538?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.27-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5bej-9h7w-33c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1" } ], "aliases": [ "CVE-2017-9788" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3774?format=api", "vulnerability_id": "VCID-khfr-kgtb-rfam", "summary": "When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93796", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93836", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93827", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.9383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93835", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93805", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93814", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470750", "reference_id": "1470750", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470750" }, { "reference_url": "https://security.archlinux.org/ASA-201707-15", "reference_id": "ASA-201707-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-15" }, { "reference_url": "https://security.archlinux.org/AVG-350", "reference_id": "AVG-350", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-350" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9789.json", "reference_id": "CVE-2017-9789", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9789.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371538?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.27-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5bej-9h7w-33c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1" } ], "aliases": [ "CVE-2017-9789" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khfr-kgtb-rfam" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.26-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/371538?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.27-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.27-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.27-2", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3775?format=api", "vulnerability_id": "VCID-5bej-9h7w-33c8", "summary": "When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2017/09/18/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2017/09/18/2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99862", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99865", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99864", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99863", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9798" }, { "reference_url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" }, { "reference_url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Sep/22", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2024/Sep/22" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a" }, { "reference_url": "https://github.com/hannob/optionsbleed", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hannob/optionsbleed" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180601-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180601-0003/" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2017-9798" }, { "reference_url": "https://support.apple.com/HT208331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT208331" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" }, { "reference_url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch" }, { "reference_url": "https://www.exploit-db.com/exploits/42745/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/42745/" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3980", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3980" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/100872", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100872" }, { "reference_url": "http://www.securityfocus.com/bid/105598", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105598" }, { "reference_url": "http://www.securitytracker.com/id/1039387", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039387" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344", "reference_id": "1490344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109", "reference_id": "876109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109" }, { "reference_url": "https://security.archlinux.org/ASA-201709-15", "reference_id": "ASA-201709-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201709-15" }, { "reference_url": "https://security.archlinux.org/AVG-404", "reference_id": "AVG-404", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-404" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9798.json", "reference_id": "CVE-2017-9798", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9798.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "reference_id": "CVE-2017-9798", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "reference_url": "https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed", "reference_id": "CVE-2017-9798;OPTIONSBLEED", "reference_type": "exploit", "scores": [], "url": "https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py", "reference_id": "CVE-2017-9798;OPTIONSBLEED", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2882", "reference_id": "RHSA-2017:2882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2972", "reference_id": "RHSA-2017:2972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2972" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3018", "reference_id": "RHSA-2017:3018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3240", "reference_id": "RHSA-2017:3240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3425-1/", "reference_id": "USN-3425-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3425-1/" }, { "reference_url": "https://usn.ubuntu.com/3425-2/", "reference_id": "USN-3425-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3425-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372929?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.27-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-2" } ], "aliases": [ "CVE-2017-9798" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3773?format=api", "vulnerability_id": "VCID-jt89-ruvk-1kbj", "summary": "The value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments. by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9788.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9788", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97921", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97944", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97934", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97941", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97942", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97924", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97926", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.52641", "scoring_system": "epss", "scoring_elements": "0.97929", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9788" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9788" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748", "reference_id": "1470748", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470748" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467", "reference_id": "868467", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868467" }, { "reference_url": "https://security.archlinux.org/ASA-201707-15", "reference_id": "ASA-201707-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-15" }, { "reference_url": "https://security.archlinux.org/AVG-350", "reference_id": "AVG-350", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-350" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9788.json", "reference_id": "CVE-2017-9788", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9788.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2478", "reference_id": "RHSA-2017:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2479", "reference_id": "RHSA-2017:2479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2483", "reference_id": "RHSA-2017:2483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2708", "reference_id": "RHSA-2017:2708", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2708" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2709", "reference_id": "RHSA-2017:2709", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2709" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2710", "reference_id": "RHSA-2017:2710", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2710" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3240", "reference_id": "RHSA-2017:3240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "reference_url": "https://usn.ubuntu.com/3370-1/", "reference_id": "USN-3370-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3370-1/" }, { "reference_url": "https://usn.ubuntu.com/3370-2/", "reference_id": "USN-3370-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3370-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371538?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.27-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5bej-9h7w-33c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1" } ], "aliases": [ "CVE-2017-9788" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jt89-ruvk-1kbj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3774?format=api", "vulnerability_id": "VCID-khfr-kgtb-rfam", "summary": "When under stress, closing many connections, the HTTP/2 handling code would sometimes access memory after it has been freed, resulting in potentially erratic behaviour.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9789.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9789", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93796", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93836", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93818", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93827", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.9383", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93835", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93805", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12192", "scoring_system": "epss", "scoring_elements": "0.93814", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9789" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:P" }, { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470750", "reference_id": "1470750", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1470750" }, { "reference_url": "https://security.archlinux.org/ASA-201707-15", "reference_id": "ASA-201707-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-15" }, { "reference_url": "https://security.archlinux.org/AVG-350", "reference_id": "AVG-350", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-350" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9789.json", "reference_id": "CVE-2017-9789", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9789.json" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371538?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.27-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5bej-9h7w-33c8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1" } ], "aliases": [ "CVE-2017-9789" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-khfr-kgtb-rfam" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372929?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.27-2", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.27-2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.33-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3775?format=api", "vulnerability_id": "VCID-5bej-9h7w-33c8", "summary": "When an unrecognized HTTP Method is given in an <Limit {method}> directive in an .htaccess file, and that .htaccess file is processed by the corresponding request, the global methods table is corrupted in the current worker process, resulting in erratic behaviour. This behavior may be avoided by listing all unusual HTTP Methods in a global httpd.conf RegisterHttpMethod directive in httpd release 2.4.25 and later. To permit other .htaccess directives while denying the <Limit > directive, see the AllowOverrideList directive. Source code patch (2.4) is at; CVE-2017-9798-patch-2.4.patch Source code patch (2.2) is at; CVE-2017-9798-patch-2.2.patch Note 2.2 is end-of-life, no further release with this fix is planned. Users are encouraged to migrate to 2.4.28 or later for this and other fixes.", "references": [ { "reference_url": "http://openwall.com/lists/oss-security/2017/09/18/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2017/09/18/2" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3113", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3113" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3114", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3114" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99862", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99865", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99864", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.9384", "scoring_system": "epss", "scoring_elements": "0.99863", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-9798" }, { "reference_url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html" }, { "reference_url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9798" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Sep/22", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2024/Sep/22" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a" }, { "reference_url": "https://github.com/hannob/optionsbleed", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hannob/optionsbleed" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180601-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180601-0003/" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2017-9798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2017-9798" }, { "reference_url": "https://support.apple.com/HT208331", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT208331" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" }, { "reference_url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch" }, { "reference_url": "https://www.exploit-db.com/exploits/42745/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/42745/" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3980", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3980" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/100872", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100872" }, { "reference_url": "http://www.securityfocus.com/bid/105598", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105598" }, { "reference_url": "http://www.securitytracker.com/id/1039387", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039387" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344", "reference_id": "1490344", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1490344" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109", "reference_id": "876109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876109" }, { "reference_url": "https://security.archlinux.org/ASA-201709-15", "reference_id": "ASA-201709-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201709-15" }, { "reference_url": "https://security.archlinux.org/AVG-404", "reference_id": "AVG-404", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-404" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-9798.json", "reference_id": "CVE-2017-9798", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-9798.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798", "reference_id": "CVE-2017-9798", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9798" }, { "reference_url": "https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed", "reference_id": "CVE-2017-9798;OPTIONSBLEED", "reference_type": "exploit", "scores": [], "url": "https://github.com/hannob/optionsbleed/blob/e297ce13cfb0f338b2cabfb81a70349fd6925f82/optionsbleed" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py", "reference_id": "CVE-2017-9798;OPTIONSBLEED", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/webapps/42745.py" }, { "reference_url": "https://security.gentoo.org/glsa/201710-32", "reference_id": "GLSA-201710-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201710-32" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2882", "reference_id": "RHSA-2017:2882", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2882" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2972", "reference_id": "RHSA-2017:2972", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2972" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3018", "reference_id": "RHSA-2017:3018", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3018" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3193", "reference_id": "RHSA-2017:3193", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3193" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3194", "reference_id": "RHSA-2017:3194", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3194" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3195", "reference_id": "RHSA-2017:3195", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3195" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3239", "reference_id": "RHSA-2017:3239", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3239" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3240", "reference_id": "RHSA-2017:3240", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3240" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://usn.ubuntu.com/3425-1/", "reference_id": "USN-3425-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3425-1/" }, { "reference_url": "https://usn.ubuntu.com/3425-2/", "reference_id": "USN-3425-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3425-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372929?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.27-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-2" } ], "aliases": [ "CVE-2017-9798" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5bej-9h7w-33c8" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.27-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/374397?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.29-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.29-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.33-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3778?format=api", "vulnerability_id": "VCID-9qdr-1v39-d7b7", "summary": "When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87263", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87316", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.8732", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87289", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87306", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395", "reference_id": "1560395", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1283.json", "reference_id": "CVE-2018-1283", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1283.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1283" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3780?format=api", "vulnerability_id": "VCID-apfh-r85v-dbhz", "summary": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93766", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93806", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93798", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93805", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93789", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625", "reference_id": "1560625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1302.json", "reference_id": "CVE-2018-1302", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1302.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://usn.ubuntu.com/3783-1/", "reference_id": "USN-3783-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3783-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1302" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3782?format=api", "vulnerability_id": "VCID-fqem-96w3-rucb", "summary": "When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91622", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91663", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91664", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91667", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91629", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91642", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91655", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634", "reference_id": "1560634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1312.json", "reference_id": "CVE-2018-1312", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1312.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1898", "reference_id": "RHSA-2019:1898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1898" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1312" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3779?format=api", "vulnerability_id": "VCID-jzuw-73df-mfff", "summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91755", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.918", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.9177", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91777", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.9179", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643", "reference_id": "1560643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1301.json", "reference_id": "CVE-2018-1301", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1301.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1301" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3777?format=api", "vulnerability_id": "VCID-q5wm-suxb-jfeb", "summary": "The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99909", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99908", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614", "reference_id": "1560614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-15715.json", "reference_id": "CVE-2017-15715", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-15715.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2017-15715" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3781?format=api", "vulnerability_id": "VCID-scf1-zmu7-e3b2", "summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97315", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97337", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97336", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97321", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97332", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399", "reference_id": "1560399", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1303.json", "reference_id": "CVE-2018-1303", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1303.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1303" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3776?format=api", "vulnerability_id": "VCID-zc2p-sfu7-jkhc", "summary": "mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92105", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92097", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.9208", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92085", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599", "reference_id": "1560599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-15710.json", "reference_id": "CVE-2017-15710", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-15710.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2017-15710" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.29-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.33-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.34-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3778?format=api", "vulnerability_id": "VCID-9qdr-1v39-d7b7", "summary": "When mod_session is configured to forward its session data to CGI applications (SessionEnv on, not the default), a remote user may influence their content by using a \"Session\" header. This comes from the \"HTTP_SESSION\" variable name used by mod_session to forward its data to CGIs, since the prefix \"HTTP_\" is also used by the Apache HTTP Server to pass HTTP header fields, per CGI specifications. The severity is set to Moderate because \"SessionEnv on\" is not a default nor common configuration, it should be considered more severe when this is the case though, because of the possible remote exploitation.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1283.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87263", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87316", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87313", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87326", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.8732", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87273", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87289", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87287", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03348", "scoring_system": "epss", "scoring_elements": "0.87306", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395", "reference_id": "1560395", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560395" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1283.json", "reference_id": "CVE-2018-1283", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1283.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1283" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9qdr-1v39-d7b7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3780?format=api", "vulnerability_id": "VCID-apfh-r85v-dbhz", "summary": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.33 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerabilty hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1302.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1302", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93766", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93806", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93798", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93801", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93805", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93776", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93785", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12125", "scoring_system": "epss", "scoring_elements": "0.93789", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1302" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1302" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625", "reference_id": "1560625", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560625" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1302.json", "reference_id": "CVE-2018-1302", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1302.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://usn.ubuntu.com/3783-1/", "reference_id": "USN-3783-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3783-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1302" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-apfh-r85v-dbhz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3782?format=api", "vulnerability_id": "VCID-fqem-96w3-rucb", "summary": "When generating an HTTP Digest authentication challenge, the nonce sent to prevent reply attacks was not correctly generated using a pseudo-random seed. In a cluster of servers using a common Digest authentication configuration, HTTP requests could be replayed across servers by an attacker without detection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1312.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91622", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91663", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91664", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91667", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91629", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91634", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91642", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0728", "scoring_system": "epss", "scoring_elements": "0.91655", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1312" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634", "reference_id": "1560634", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560634" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1312.json", "reference_id": "CVE-2018-1312", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1312.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1898", "reference_id": "RHSA-2019:1898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1898" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1312" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fqem-96w3-rucb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3779?format=api", "vulnerability_id": "VCID-jzuw-73df-mfff", "summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.33, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91755", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91797", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.918", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.9177", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.91777", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07499", "scoring_system": "epss", "scoring_elements": "0.9179", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643", "reference_id": "1560643", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560643" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1301.json", "reference_id": "CVE-2018-1301", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1301.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1301" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jzuw-73df-mfff" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3777?format=api", "vulnerability_id": "VCID-q5wm-suxb-jfeb", "summary": "The expression specified in <FilesMatch> could match '$' to a newline character in a malicious filename, rather than matching only the end of the filename. This could be exploited in environments where uploads of some files are are externally blocked, but only by matching the trailing portion of the filename.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15715.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99909", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99907", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.94103", "scoring_system": "epss", "scoring_elements": "0.99908", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614", "reference_id": "1560614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560614" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-15715.json", "reference_id": "CVE-2017-15715", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-15715.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2017-15715" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q5wm-suxb-jfeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3781?format=api", "vulnerability_id": "VCID-scf1-zmu7-e3b2", "summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.33 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1303.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97315", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97337", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97333", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97335", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97336", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97321", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97325", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97326", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.40137", "scoring_system": "epss", "scoring_elements": "0.97332", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399", "reference_id": "1560399", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560399" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1303.json", "reference_id": "CVE-2018-1303", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1303.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2018-1303" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-scf1-zmu7-e3b2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3776?format=api", "vulnerability_id": "VCID-zc2p-sfu7-jkhc", "summary": "mod_authnz_ldap, if configured with AuthLDAPCharsetConfig, uses the Accept-Language header value to lookup the right charset encoding when verifying the user's credentials. If the header value is not present in the charset conversion table, a fallback mechanism is used to truncate it to a two characters value to allow a quick retry (for example, 'en-US' is truncated to 'en'). A header value of less than two characters forces an out of bound write of one NUL byte to a memory location that is not part of the string. In the worst case, quite unlikely, the process would crash which could be used as a Denial of Service attack. In the more likely case, this memory is already reserved for future use and the issue has no effect at all.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15710.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92105", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92097", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.921", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92104", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92072", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.9208", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.08002", "scoring_system": "epss", "scoring_elements": "0.92085", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15710" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15715" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1283" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1301" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1303" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1312" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599", "reference_id": "1560599", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560599" }, { "reference_url": "https://security.archlinux.org/ASA-201804-4", "reference_id": "ASA-201804-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201804-4" }, { "reference_url": "https://security.archlinux.org/AVG-664", "reference_id": "AVG-664", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-664" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2017-15710.json", "reference_id": "CVE-2017-15710", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2017-15710.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://usn.ubuntu.com/3627-1/", "reference_id": "USN-3627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-1/" }, { "reference_url": "https://usn.ubuntu.com/3627-2/", "reference_id": "USN-3627-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3627-2/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374398?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" } ], "aliases": [ "CVE-2017-15710" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zc2p-sfu7-jkhc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374375?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.33-3", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.33-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.34-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3783?format=api", "vulnerability_id": "VCID-9vzm-qtye-ufh2", "summary": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3558" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92958", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92987", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.9297", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92978", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92967", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92971", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0007/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securitytracker.com/id/1041402", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041402" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048", "reference_id": "1605048", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106", "reference_id": "904106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106" }, { "reference_url": "https://security.archlinux.org/ASA-201807-12", "reference_id": "ASA-201807-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-12" }, { "reference_url": "https://security.archlinux.org/AVG-736", "reference_id": "AVG-736", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-736" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1333.json", "reference_id": "CVE-2018-1333", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1333.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333", "reference_id": "CVE-2018-1333", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://usn.ubuntu.com/3783-1/", "reference_id": "USN-3783-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3783-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374376?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.34-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1" } ], "aliases": [ "CVE-2018-1333" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3784?format=api", "vulnerability_id": "VCID-qc9j-x576-ayc1", "summary": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99199", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99208", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99207", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99203", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99209", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0007/" }, { "reference_url": "http://www.securitytracker.com/id/1041401", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605052", "reference_id": "1605052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605052" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107", "reference_id": "904107", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107" }, { "reference_url": "https://security.archlinux.org/ASA-201807-12", "reference_id": "ASA-201807-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-12" }, { "reference_url": "https://security.archlinux.org/AVG-736", "reference_id": "AVG-736", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-736" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-8011.json", "reference_id": "CVE-2018-8011", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-8011.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8011", "reference_id": "CVE-2018-8011", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8011" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374376?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.34-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1" } ], "aliases": [ "CVE-2018-8011" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9j-x576-ayc1" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.33-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374376?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.34-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.34-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.39-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3783?format=api", "vulnerability_id": "VCID-9vzm-qtye-ufh2", "summary": "By specially crafting HTTP/2 requests, workers would be allocated 60 seconds longer than necessary, leading to worker exhaustion and a denial of service. This issue only affects servers that have configured and enabled HTTP/2 support, which is not the default", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3558", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3558" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1333.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92958", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92987", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.9297", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92978", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92983", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92967", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09859", "scoring_system": "epss", "scoring_elements": "0.92971", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1333" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1333" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-1333" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0007/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securitytracker.com/id/1041402", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041402" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048", "reference_id": "1605048", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106", "reference_id": "904106", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904106" }, { "reference_url": "https://security.archlinux.org/ASA-201807-12", "reference_id": "ASA-201807-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-12" }, { "reference_url": "https://security.archlinux.org/AVG-736", "reference_id": "AVG-736", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-736" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-1333.json", "reference_id": "CVE-2018-1333", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-1333.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333", "reference_id": "CVE-2018-1333", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0366", "reference_id": "RHSA-2019:0366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0367", "reference_id": "RHSA-2019:0367", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0367" }, { "reference_url": "https://usn.ubuntu.com/3783-1/", "reference_id": "USN-3783-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3783-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374376?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.34-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1" } ], "aliases": [ "CVE-2018-1333" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9vzm-qtye-ufh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3784?format=api", "vulnerability_id": "VCID-qc9j-x576-ayc1", "summary": "By specially crafting HTTP requests, the mod_md challenge handler would dereference a NULL pointer and cause the child process to segfault. This could be used to DoS the server.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-8011.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99199", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99201", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99208", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99207", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99203", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.8201", "scoring_system": "epss", "scoring_elements": "0.99209", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-8011" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8011" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2018-8011" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0007/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0007/" }, { "reference_url": "http://www.securitytracker.com/id/1041401", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1041401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605052", "reference_id": "1605052", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1605052" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107", "reference_id": "904107", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=904107" }, { "reference_url": "https://security.archlinux.org/ASA-201807-12", "reference_id": "ASA-201807-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-12" }, { "reference_url": "https://security.archlinux.org/AVG-736", "reference_id": "AVG-736", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-736" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-8011.json", "reference_id": "CVE-2018-8011", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-8011.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8011", "reference_id": "CVE-2018-8011", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8011" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374376?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.34-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1" } ], "aliases": [ "CVE-2018-8011" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qc9j-x576-ayc1" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.34-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372612?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.37-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.37-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.39-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3786?format=api", "vulnerability_id": "VCID-7u2r-egf2-vfhx", "summary": "By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90332", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.9031", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90339", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90338", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90305", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securityfocus.com/bid/106685", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106685" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497", "reference_id": "1668497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302", "reference_id": "920302", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-17189.json", "reference_id": "CVE-2018-17189", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-17189.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189", "reference_id": "CVE-2018-17189", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371357?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.38-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1" } ], "aliases": [ "CVE-2018-17189" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3788?format=api", "vulnerability_id": "VCID-7vjg-vetg-p7f6", "summary": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95031", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95061", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95063", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95042", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95045", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0190" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.securityfocus.com/bid/106743", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668488", "reference_id": "1668488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668488" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220", "reference_id": "920220", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0190.json", "reference_id": "CVE-2019-0190", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0190.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0190", "reference_id": "CVE-2019-0190", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371357?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.38-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1" } ], "aliases": [ "CVE-2019-0190" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjg-vetg-p7f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3787?format=api", "vulnerability_id": "VCID-ct26-19cq-8kd7", "summary": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93236", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.9322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93237", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93222", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securityfocus.com/bid/106742", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106742" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493", "reference_id": "1668493", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303", "reference_id": "920303", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-17199.json", "reference_id": "CVE-2018-17199", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-17199.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199", "reference_id": "CVE-2018-17199", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1809", "reference_id": "RHSA-2021:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1809" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371357?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.38-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1" } ], "aliases": [ "CVE-2018-17199" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.37-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371357?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.38-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.38-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.39-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3790?format=api", "vulnerability_id": "VCID-4sss-a8ne-kqbc", "summary": "When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the \"H2Upgrade on\" is unaffected by this.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84326", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84397", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84408", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84401", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.8434", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84385", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.8439", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042", "reference_id": "1695042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0197.json", "reference_id": "CVE-2019-0197", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0197.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0197" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sss-a8ne-kqbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3789?format=api", "vulnerability_id": "VCID-6vxq-uxxw-ybeh", "summary": "Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92804", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.9283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92823", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92827", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92831", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92814", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030", "reference_id": "1695030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0196.json", "reference_id": "CVE-2019-0196", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0196.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0196" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3791?format=api", "vulnerability_id": "VCID-ehv1-yvpu-ubcg", "summary": "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html" }, { "reference_url": "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html" }, { "reference_url": "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:0959", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2019:0959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1543", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1543" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90159", "scoring_system": "epss", "scoring_elements": "0.99586", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.9026", "scoring_system": "epss", "scoring_elements": "0.99594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.9026", "scoring_system": "epss", "scoring_elements": "0.99593", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90908", "scoring_system": "epss", "scoring_elements": "0.99632", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/16" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.f5.com/csp/article/K32957101", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://support.f5.com/csp/article/K32957101" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.exploit-db.com/exploits/46676/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.exploit-db.com/exploits/46676/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_14" }, { "reference_url": "http://www.apache.org/dist/httpd/CHANGES_2.4.39", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.39" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/07/26/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/07/26/7" }, { "reference_url": "http://www.securityfocus.com/bid/107666", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.securityfocus.com/bid/107666" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694980", "reference_id": "1694980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694980" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php", "reference_id": "CVE-2019-0211", "reference_type": "exploit", "scores": [], "url": "https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php", "reference_id": "CVE-2019-0211", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0211.json", "reference_id": "CVE-2019-0211", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0211.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0211", "reference_id": "CVE-2019-0211", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0211" }, { "reference_url": "https://security.gentoo.org/glsa/201904-20", "reference_id": "GLSA-201904-20", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://security.gentoo.org/glsa/201904-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0746", "reference_id": "RHSA-2019:0746", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0980", "reference_id": "RHSA-2019:0980", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1296", "reference_id": "RHSA-2019:1296", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1297", "reference_id": "RHSA-2019:1297", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1297" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0211" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehv1-yvpu-ubcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3793?format=api", "vulnerability_id": "VCID-ugdv-apr8-g3bz", "summary": "In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91756", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91791", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91771", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.f5.com/csp/article/K59440504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K59440504" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/4" }, { "reference_url": "http://www.securityfocus.com/bid/107667", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107667" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695025", "reference_id": "1695025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695025" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0215.json", "reference_id": "CVE-2019-0215", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0215.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0215", "reference_id": "CVE-2019-0215", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0980", "reference_id": "RHSA-2019:0980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0980" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0215" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugdv-apr8-g3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3795?format=api", "vulnerability_id": "VCID-uwqg-yytc-vfae", "summary": "When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95478", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95507", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95512", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95488", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95505", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695036", "reference_id": "1695036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695036" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0220.json", "reference_id": "CVE-2019-0220", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0220.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2343", "reference_id": "RHSA-2019:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3436", "reference_id": "RHSA-2019:3436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0250", "reference_id": "RHSA-2020:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0251", "reference_id": "RHSA-2020:0251", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0251" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0220" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqg-yytc-vfae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3794?format=api", "vulnerability_id": "VCID-w6p6-u8ku-k3f6", "summary": "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97464", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97488", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97481", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97482", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97487", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97471", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/5" }, { "reference_url": "http://www.securityfocus.com/bid/107668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107668" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020", "reference_id": "1695020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0217.json", "reference_id": "CVE-2019-0217", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0217.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217", "reference_id": "CVE-2019-0217", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2343", "reference_id": "RHSA-2019:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3436", "reference_id": "RHSA-2019:3436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0217" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3786?format=api", "vulnerability_id": "VCID-7u2r-egf2-vfhx", "summary": "By sending request bodies in a slow loris way to plain resources, the h2 stream for that request unnecessarily occupied a server thread cleaning up that incoming data. This affects only HTTP/2 connections. A possible mitigation is to not enable the h2 protocol.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17189.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90332", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.9031", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90324", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90339", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90338", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90292", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05616", "scoring_system": "epss", "scoring_elements": "0.90305", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY7SJQOO3PYFVINZW6H5EK4EZ3HSGZNM/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U7N3DUEBFVGQWQEME5HTPTTKDHGHBAC6/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securityfocus.com/bid/106685", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106685" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497", "reference_id": "1668497", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668497" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302", "reference_id": "920302", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920302" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.23:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.26:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.27:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.34:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sun_zfs_storage_appliance_kit:8.8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-17189.json", "reference_id": "CVE-2018-17189", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-17189.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189", "reference_id": "CVE-2018-17189", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17189" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371357?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.38-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1" } ], "aliases": [ "CVE-2018-17189" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7u2r-egf2-vfhx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3788?format=api", "vulnerability_id": "VCID-7vjg-vetg-p7f6", "summary": "A bug exists in the way mod_ssl handled client renegotiations. A remote attacker could send a carefully crafted request that would cause mod_ssl to enter a loop leading to a denial of service. This bug can be only triggered with Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to handling of renegotiation attempts.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0190.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0190", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95031", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95052", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95056", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95061", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95063", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95042", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.17386", "scoring_system": "epss", "scoring_elements": "0.95045", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0190" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0190" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "http://www.securityfocus.com/bid/106743", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106743" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668488", "reference_id": "1668488", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668488" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220", "reference_id": "920220", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920220" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0190.json", "reference_id": "CVE-2019-0190", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0190.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0190", "reference_id": "CVE-2019-0190", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0190" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371357?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.38-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1" } ], "aliases": [ "CVE-2019-0190" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7vjg-vetg-p7f6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3787?format=api", "vulnerability_id": "VCID-ct26-19cq-8kd7", "summary": "In Apache HTTP Server 2.4 release 2.4.37 and prior, mod_session checks the session expiry time before decoding the session. This causes session expiry time to be ignored for mod_session_cookie sessions since the expiry time is loaded when the session is decoded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-17199.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93208", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93236", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.9322", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93228", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93233", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93237", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93234", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93217", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10459", "scoring_system": "epss", "scoring_elements": "0.93222", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/01/msg00024.html" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.gentoo.org/glsa/201903-21", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-21" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190125-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190125-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.tenable.com/security/tns-2019-09", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.tenable.com/security/tns-2019-09" }, { "reference_url": "http://www.securityfocus.com/bid/106742", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106742" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493", "reference_id": "1668493", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1668493" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303", "reference_id": "920303", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=920303" }, { "reference_url": "https://security.archlinux.org/ASA-201901-14", "reference_id": "ASA-201901-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201901-14" }, { "reference_url": "https://security.archlinux.org/AVG-857", "reference_id": "AVG-857", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-857" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:santricity_cloud_connector:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2018-17199.json", "reference_id": "CVE-2018-17199", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2018-17199.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199", "reference_id": "CVE-2018-17199", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-17199" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1121", "reference_id": "RHSA-2020:1121", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1121" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1809", "reference_id": "RHSA-2021:1809", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1809" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371357?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.38-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4sss-a8ne-kqbc" }, { "vulnerability": "VCID-6vxq-uxxw-ybeh" }, { "vulnerability": "VCID-ehv1-yvpu-ubcg" }, { "vulnerability": "VCID-ugdv-apr8-g3bz" }, { "vulnerability": "VCID-uwqg-yytc-vfae" }, { "vulnerability": "VCID-w6p6-u8ku-k3f6" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1" } ], "aliases": [ "CVE-2018-17199" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ct26-19cq-8kd7" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.38-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.39-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.43-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3790?format=api", "vulnerability_id": "VCID-4sss-a8ne-kqbc", "summary": "When HTTP/2 was enabled for a http: host or H2Upgrade was enabled for h2 on a https: host, an Upgrade request from http/1.1 to http/2 that was not the first request on a connection could lead to a misconfiguration and crash. A server that never enabled the h2 protocol or that only enabled it for https: and did not configure the \"H2Upgrade on\" is unaffected by this.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0197.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0197", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84326", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84397", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84408", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84401", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.8434", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84363", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.84385", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02193", "scoring_system": "epss", "scoring_elements": "0.8439", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0197" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0197" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042", "reference_id": "1695042", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695042" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0197.json", "reference_id": "CVE-2019-0197", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0197.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4113-1/", "reference_id": "USN-4113-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4113-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0197" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4sss-a8ne-kqbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3789?format=api", "vulnerability_id": "VCID-6vxq-uxxw-ybeh", "summary": "Using fuzzed network input, the http/2 request handling could be made to access freed memory in string comparision when determining the method of a request and thus process the request incorrectly.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0196.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92804", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.9283", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92823", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92827", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92831", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92811", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92816", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.09496", "scoring_system": "epss", "scoring_elements": "0.92814", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030", "reference_id": "1695030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695030" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0196.json", "reference_id": "CVE-2019-0196", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0196.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0196" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6vxq-uxxw-ybeh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3791?format=api", "vulnerability_id": "VCID-ehv1-yvpu-ubcg", "summary": "In Apache HTTP Server 2.4 releases 2.4.17 to 2.4.38, with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulating the scoreboard. Non-Unix systems are not affected.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html" }, { "reference_url": "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152386/Apache-2.4.38-Root-Privilege-Escalation.html" }, { "reference_url": "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152415/Slackware-Security-Advisory-httpd-Updates.html" }, { "reference_url": "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://packetstormsecurity.com/files/152441/CARPE-DIEM-Apache-2.4.x-Local-Privilege-Escalation.html" }, { "reference_url": "https://access.redhat.com/errata/RHBA-2019:0959", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHBA-2019:0959" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1543", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1543" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0211.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90159", "scoring_system": "epss", "scoring_elements": "0.99586", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.9026", "scoring_system": "epss", "scoring_elements": "0.99594", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.9026", "scoring_system": "epss", "scoring_elements": "0.99593", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90908", "scoring_system": "epss", "scoring_elements": "0.99632", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/890507b85c30adf133216b299cc35cd8cd0346a885acfc671c04694e%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/b1613d44ec364c87bb7ee8c5939949f9b061c05c06e0e90098ebf7aa%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/b2bdb308dc015e771ba79c0586b2de6fb50caa98b109833f5d4daf28%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/de881a130bc9cb2f3a9ff220784520556884fb8ea80e69400a45509e%40%3Cdev.community.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/fd110f4ace2d8364c7d9190e1993cde92f79e4eb85576ed9285686ac%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r6d03e45b81eab03580cf7f8bb51cb3e9a1b10a2cc0c6a2d3cc92ed0c%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/16", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/16" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.f5.com/csp/article/K32957101", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://support.f5.com/csp/article/K32957101" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2019-0211" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.exploit-db.com/exploits/46676/", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.exploit-db.com/exploits/46676/" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "https://www.synology.com/security/advisory/Synology_SA_19_14", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://www.synology.com/security/advisory/Synology_SA_19_14" }, { "reference_url": "http://www.apache.org/dist/httpd/CHANGES_2.4.39", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.apache.org/dist/httpd/CHANGES_2.4.39" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/07/26/7", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2019/07/26/7" }, { "reference_url": "http://www.securityfocus.com/bid/107666", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "http://www.securityfocus.com/bid/107666" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694980", "reference_id": "1694980", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694980" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:openshift_container_platform_for_power:3.11_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.1_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.2_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.4_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8_aarch64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.2_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.6_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8_s390x:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8_ppc64le:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php", "reference_id": "CVE-2019-0211", "reference_type": "exploit", "scores": [], "url": "https://github.com/cfreal/exploits/blob/ba026fae59974037d744a90cef09224f751bc3e4/CVE-2019-0211-apache/cfreal-carpediem.php" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php", "reference_id": "CVE-2019-0211", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/46676.php" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0211.json", "reference_id": "CVE-2019-0211", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0211.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0211", "reference_id": "CVE-2019-0211", "reference_type": "", "scores": [ { "value": "7.2", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:C/I:C/A:C" }, { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0211" }, { "reference_url": "https://security.gentoo.org/glsa/201904-20", "reference_id": "GLSA-201904-20", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://security.gentoo.org/glsa/201904-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0746", "reference_id": "RHSA-2019:0746", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0980", "reference_id": "RHSA-2019:0980", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:0980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1296", "reference_id": "RHSA-2019:1296", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1296" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1297", "reference_id": "RHSA-2019:1297", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1297" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:03:33Z/" } ], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0211" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ehv1-yvpu-ubcg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3793?format=api", "vulnerability_id": "VCID-ugdv-apr8-g3bz", "summary": "In Apache HTTP Server 2.4 releases 2.4.37 and 2.4.38, a bug in mod_ssl when using per-location client certificate verification with TLSv1.3 allowed a client supporting Post-Handshake Authentication to bypass configured access control restrictions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0215.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0215", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91756", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91778", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91791", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91798", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91801", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91764", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07501", "scoring_system": "epss", "scoring_elements": "0.91771", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0215" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0215" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/117bc3f09847ebf020b1bb70301ebcc105ddc446856150b63f37f8eb%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/2d6bd429a0ba9af1580da896575cfca6e42bb05e7536562d4b095fcf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/5b1e7d66c5adf286f14f6cc0f857b6fca107444f68aed9e70eedab47%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/bc1a6d4137798565ab02e60079b6788442147f4efeb4200c665bed5b%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.f5.com/csp/article/K59440504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/csp/article/K59440504" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/4" }, { "reference_url": "http://www.securityfocus.com/bid/107667", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107667" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695025", "reference_id": "1695025", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695025" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.37:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.4.38:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0215.json", "reference_id": "CVE-2019-0215", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0215.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0215", "reference_id": "CVE-2019-0215", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0215" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:0980", "reference_id": "RHSA-2019:0980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:0980" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0215" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ugdv-apr8-g3bz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3795?format=api", "vulnerability_id": "VCID-uwqg-yytc-vfae", "summary": "When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0220.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95478", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95507", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95512", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95513", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95488", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95494", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95498", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.20275", "scoring_system": "epss", "scoring_elements": "0.95505", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0220" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695036", "reference_id": "1695036", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695036" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0220.json", "reference_id": "CVE-2019-0220", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0220.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2343", "reference_id": "RHSA-2019:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3436", "reference_id": "RHSA-2019:3436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0250", "reference_id": "RHSA-2020:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0251", "reference_id": "RHSA-2020:0251", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0251" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0220" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uwqg-yytc-vfae" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3794?format=api", "vulnerability_id": "VCID-w6p6-u8ku-k3f6", "summary": "In Apache HTTP Server 2.4 release 2.4.38 and prior, a race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00051.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00061.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00084.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-0217.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97464", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97488", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97481", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97482", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97487", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.43022", "scoring_system": "epss", "scoring_elements": "0.97471", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17189" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17199" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0196" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0211" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0217" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-0220" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/e0b8f6e858b1c8ec2ce8e291a2c543d438915037c7af661ab6d33808%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r03ee478b3dda3e381fd6189366fa7af97c980d2f602846eef935277d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd2fb621142e7fa187cfe12d7137bf66e7234abcbbcd800074c84a538%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2019/04/msg00008.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ALIR5S3O7NRHEGFMIDMUSYQIZOE4TJJN/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EZRMTEIGZKYFNGIDOTXN3GNEJTLVCYU7/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WETXNQWNQLWHV6XNW6YTO5UGDTIWAQGT/" }, { "reference_url": "https://seclists.org/bugtraq/2019/Apr/5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://seclists.org/bugtraq/2019/Apr/5" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190423-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190423-0001/" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03950en_us" }, { "reference_url": "https://www.debian.org/security/2019/dsa-4422", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2019/dsa-4422" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2019/04/02/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2019/04/02/5" }, { "reference_url": "http://www.securityfocus.com/bid/107668", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/107668" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020", "reference_id": "1695020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1695020" }, { "reference_url": "https://security.archlinux.org/ASA-201904-3", "reference_id": "ASA-201904-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201904-3" }, { "reference_url": "https://security.archlinux.org/AVG-946", "reference_id": "AVG-946", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-946" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:7-mode:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-0217.json", "reference_id": "CVE-2019-0217", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-0217.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217", "reference_id": "CVE-2019-0217", "reference_type": "", "scores": [ { "value": "6.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:P/I:P/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-0217" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2343", "reference_id": "RHSA-2019:2343", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2343" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3436", "reference_id": "RHSA-2019:3436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4126", "reference_id": "RHSA-2019:4126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4126" }, { "reference_url": "https://usn.ubuntu.com/3937-1/", "reference_id": "USN-3937-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-1/" }, { "reference_url": "https://usn.ubuntu.com/3937-2/", "reference_id": "USN-3937-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3937-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371358?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.39-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" } ], "aliases": [ "CVE-2019-0217" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w6p6-u8ku-k3f6" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.39-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374909?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.41-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.41-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.43-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3803?format=api", "vulnerability_id": "VCID-5xrt-1n1q-4bey", "summary": "In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93495", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93511", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93504", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200413-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4757" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/03/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/03/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/04/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/04/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761", "reference_id": "1820761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1927.json", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1927.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2263", "reference_id": "RHSA-2020:2263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374910?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.43-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1" } ], "aliases": [ "CVE-2020-1927" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3804?format=api", "vulnerability_id": "VCID-auhk-ppv5-buaa", "summary": "in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97221", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97248", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97233", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97243", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97247", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97232", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200413-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4757" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772", "reference_id": "1820772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1934.json", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1934.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374910?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.43-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1" } ], "aliases": [ "CVE-2020-1934" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa" } ], "fixing_vulnerabilities": [], "risk_score": "2.8", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.41-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374910?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.43-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.43-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.51-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3803?format=api", "vulnerability_id": "VCID-5xrt-1n1q-4bey", "summary": "In Apache HTTP Server versions 2.4.0 to 2.4.41 some mod_rewrite configurations vulnerable to open redirect.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1927.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93495", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93511", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93519", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93528", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11302", "scoring_system": "epss", "scoring_elements": "0.93504", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r10b853ea87dd150b0e76fda3f8254dfdb23dd05fa55596405b58478e%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r6a4146bf3d1645af2880f8b7a4fd8afd696d5fd4a3ae272f49f5dc84%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r70ba652b79ba224b2cbc0a183078b3a49df783b419903e3dcf4d78c7%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r731d43caece41d78d8c6304641a02a369fd78300e7ffaf566b06bc59%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200413-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4757" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/03/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/03/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2020/04/04/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2020/04/04/1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761", "reference_id": "1820761", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820761" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:broadcom:brocade_fabric_operating_system:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1927.json", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1927.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927", "reference_id": "CVE-2020-1927", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1927" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1336", "reference_id": "RHSA-2020:1336", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1336" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1337", "reference_id": "RHSA-2020:1337", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2263", "reference_id": "RHSA-2020:2263", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2263" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374910?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.43-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1" } ], "aliases": [ "CVE-2020-1927" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5xrt-1n1q-4bey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3804?format=api", "vulnerability_id": "VCID-auhk-ppv5-buaa", "summary": "in Apache HTTP Server versions 2.4.0 to 2.4.41, mod_proxy_ftp use of uninitialized value with malicious FTP backend.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00002.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-1934.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97221", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97248", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97233", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97242", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97243", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97247", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97227", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.38657", "scoring_system": "epss", "scoring_elements": "0.97232", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11984" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11993" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1927" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1934" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9490" }, { "reference_url": "https://httpd.apache.org/security/vulnerabilities_24.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/vulnerabilities_24.html" }, { "reference_url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r09bb998baee74a2c316446bd1a41ae7f8d7049d09d9ff991471e8775%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r1719675306dfbeaceff3dc63ccad3de2d5615919ca3c13276948b9ac%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r26706d75f6b9080ca6a29955aeb8de98ec71bbea6e9f05809c46bca4%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r33e626224386d2851a83c352f784ba90dedee5dc7fcfcc221d5d7527%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r3c5c3104813c1c5508b55564b66546933079250a46ce50eee90b2e36%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r52a52fd60a258f5999a8fa5424b30d9fd795885f9ff4828d889cd201%40%3Cdev.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r5d12ffc80685b0df1d6801e68000a7707dd694fe32e4f221de67c210%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rdf3e5d0a5f5c3d90d6013bccc6c4d5af59cf1f8c8dea5d9a283d13ce%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00006.html" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A2RN46PRBJE7E7OPD4YZX5SVWV5QKGV5/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HYVYE2ZERFXDV6RMKK3I5SDSDQLPSEIQ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20200413-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20200413-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4757", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4757" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2020.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.oracle.com/security-alerts/cpujul2020.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772", "reference_id": "1820772", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1820772" }, { "reference_url": "https://security.archlinux.org/ASA-202004-14", "reference_id": "ASA-202004-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202004-14" }, { "reference_url": "https://security.archlinux.org/AVG-1126", "reference_id": "AVG-1126", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1126" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-1934.json", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-1934.json" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934", "reference_id": "CVE-2020-1934", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-1934" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2644", "reference_id": "RHSA-2020:2644", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2644" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2646", "reference_id": "RHSA-2020:2646", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2646" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3958", "reference_id": "RHSA-2020:3958", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3958" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4751", "reference_id": "RHSA-2020:4751", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4751" }, { "reference_url": "https://usn.ubuntu.com/4458-1/", "reference_id": "USN-4458-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4458-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374910?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.43-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1" } ], "aliases": [ "CVE-2020-1934" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-auhk-ppv5-buaa" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.43-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373701?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.46-3", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.46-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.51-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3813?format=api", "vulnerability_id": "VCID-17hy-4ppt-xyhw", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97325", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97347", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97332", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97336", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97343", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732", "reference_id": "1966732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26691.json", "reference_id": "CVE-2021-26691", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26691.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2021-26691" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3811?format=api", "vulnerability_id": "VCID-66k7-maf9-dfcd", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93319", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93315", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.9332", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93302", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93311", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724", "reference_id": "1966724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-35452.json", "reference_id": "CVE-2020-35452", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-35452.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2020-35452" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3809?format=api", "vulnerability_id": "VCID-91u7-vh6n-v7fm", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21778", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21906", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21943", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21761", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21839", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21894", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006", "reference_id": "1970006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006" }, { "reference_url": "https://security.archlinux.org/AVG-2054", "reference_id": "AVG-2054", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2054" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-13938.json", "reference_id": "CVE-2020-13938", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-13938.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2020-13938" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3810?format=api", "vulnerability_id": "VCID-9ych-ybpr-j3h6", "summary": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95684", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95714", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95717", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95693", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95701", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.9571", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738", "reference_id": "1966738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-13950.json", "reference_id": "CVE-2020-13950", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-13950.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5163", "reference_id": "RHSA-2022:5163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5163" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2020-13950" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3812?format=api", "vulnerability_id": "VCID-bvkg-nrwd-e7g8", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98685", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98681", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729", "reference_id": "1966729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26690.json", "reference_id": "CVE-2021-26690", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26690.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2021-26690" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3802?format=api", "vulnerability_id": "VCID-f2y3-s6j8-7ygr", "summary": "Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93865", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93895", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93898", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93902", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93883", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93886", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740", "reference_id": "1966740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-17567.json", "reference_id": "CVE-2019-17567", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-17567.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2019-17567" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3814?format=api", "vulnerability_id": "VCID-g6xr-qtwz-2yaq", "summary": "Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97082", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.9711", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97095", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743", "reference_id": "1966743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-30641.json", "reference_id": "CVE-2021-30641", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-30641.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2021-30641" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq" } ], "fixing_vulnerabilities": [], "risk_score": "3.6", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.46-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.47-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.51-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3815?format=api", "vulnerability_id": "VCID-6b7y-562y-suce", "summary": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.934", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93416", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93392", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93408", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93419", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968013", "reference_id": "1968013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968013" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/13/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/13/2" }, { "reference_url": "https://seclists.org/oss-sec/2021/q2/206", "reference_id": "206", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://seclists.org/oss-sec/2021/q2/206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/", "reference_id": "2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/06/10/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/9" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562", "reference_id": "989562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/", "reference_id": "A73QJ4HPUMU26I6EULG6SCK67TUEXZYR", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/" }, { "reference_url": "https://security.archlinux.org/ASA-202106-23", "reference_id": "ASA-202106-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-23" }, { "reference_url": "https://security.archlinux.org/AVG-2041", "reference_id": "AVG-2041", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2041" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-31618.json", "reference_id": "CVE-2021-31618", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-31618.json" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4937", "reference_id": "dsa-4937", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4937" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0008/", "reference_id": "ntap-20210727-0008", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210727-0008/" }, { "reference_url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371900?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.48-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.48-1" } ], "aliases": [ "CVE-2021-31618" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3813?format=api", "vulnerability_id": "VCID-17hy-4ppt-xyhw", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted SessionHeader sent by an origin server could cause a heap overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26691.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97325", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97348", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97344", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97346", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97347", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97332", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97336", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.40357", "scoring_system": "epss", "scoring_elements": "0.97343", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732", "reference_id": "1966732", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966732" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26691.json", "reference_id": "CVE-2021-26691", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26691.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2021-26691" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-17hy-4ppt-xyhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3811?format=api", "vulnerability_id": "VCID-66k7-maf9-dfcd", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Digest nonce can cause a stack overflow in mod_auth_digest. There is no report of this overflow being exploitable, nor the Apache HTTP Server team could create one, though some particular compiler and/or compilation option might make it possible, with limited consequences anyway due to the size (a single byte) and the value (zero byte) of the overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93289", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93319", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93315", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.9332", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93318", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93297", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93303", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93302", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10695", "scoring_system": "epss", "scoring_elements": "0.93311", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724", "reference_id": "1966724", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966724" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-35452.json", "reference_id": "CVE-2020-35452", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-35452.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2020-35452" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-66k7-maf9-dfcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3809?format=api", "vulnerability_id": "VCID-91u7-vh6n-v7fm", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 Unprivileged local users can stop httpd on Windows", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13938.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13938", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21778", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21808", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21906", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21866", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21943", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21997", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21761", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21839", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21894", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13938" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006", "reference_id": "1970006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970006" }, { "reference_url": "https://security.archlinux.org/AVG-2054", "reference_id": "AVG-2054", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2054" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-13938.json", "reference_id": "CVE-2020-13938", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-13938.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2020-13938" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-91u7-vh6n-v7fm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3810?format=api", "vulnerability_id": "VCID-9ych-ybpr-j3h6", "summary": "Apache HTTP Server versions 2.4.41 to 2.4.46 mod_proxy_http can be made to crash (NULL pointer dereference) with specially crafted requests using both Content-Length and Transfer-Encoding headers, leading to a Denial of Service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-13950.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13950", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95684", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95718", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95714", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95717", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95716", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95693", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95698", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.95701", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21543", "scoring_system": "epss", "scoring_elements": "0.9571", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-13950" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13950" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738", "reference_id": "1966738", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966738" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2020-13950.json", "reference_id": "CVE-2020-13950", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2020-13950.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5163", "reference_id": "RHSA-2022:5163", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5163" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2020-13950" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9ych-ybpr-j3h6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3812?format=api", "vulnerability_id": "VCID-bvkg-nrwd-e7g8", "summary": "Apache HTTP Server versions 2.4.0 to 2.4.46 A specially crafted Cookie header handled by mod_session can cause a NULL pointer dereference and crash, leading to a possible Denial Of Service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-26690.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98675", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98687", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98682", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98685", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98678", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.70379", "scoring_system": "epss", "scoring_elements": "0.98681", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729", "reference_id": "1966729", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966729" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-26690.json", "reference_id": "CVE-2021-26690", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-26690.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2021-26690" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bvkg-nrwd-e7g8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3802?format=api", "vulnerability_id": "VCID-f2y3-s6j8-7ygr", "summary": "Apache HTTP Server versions 2.4.6 to 2.4.46 mod_proxy_wstunnel configured on an URL that is not necessarily Upgraded by the origin server was tunneling the whole connection regardless, thus allowing for subsequent requests on the same connection to pass through with no HTTP validation, authentication or authorization possibly configured.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17567.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17567", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93865", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93895", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93898", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93902", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93874", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93883", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.12438", "scoring_system": "epss", "scoring_elements": "0.93886", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17567" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17567" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740", "reference_id": "1966740", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966740" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2019-17567.json", "reference_id": "CVE-2019-17567", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2019-17567.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2019-17567" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f2y3-s6j8-7ygr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3814?format=api", "vulnerability_id": "VCID-g6xr-qtwz-2yaq", "summary": "Apache HTTP Server versions 2.4.39 to 2.4.46 Unexpected matching behavior with 'MergeSlashes OFF'", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-30641.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97082", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97105", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97109", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.9711", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97089", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.36362", "scoring_system": "epss", "scoring_elements": "0.97095", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743", "reference_id": "1966743", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966743" }, { "reference_url": "https://security.archlinux.org/AVG-2053", "reference_id": "AVG-2053", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2053" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-30641.json", "reference_id": "CVE-2021-30641", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-30641.json" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4257", "reference_id": "RHSA-2021:4257", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4257" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://usn.ubuntu.com/4994-1/", "reference_id": "USN-4994-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-1/" }, { "reference_url": "https://usn.ubuntu.com/4994-2/", "reference_id": "USN-4994-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4994-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372043?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.47-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-6b7y-562y-suce" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" } ], "aliases": [ "CVE-2021-30641" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g6xr-qtwz-2yaq" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.47-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371900?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.48-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.48-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.51-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3817?format=api", "vulnerability_id": "VCID-9u53-b79b-cfgd", "summary": "Malformed requests may cause the server to dereference a NULL pointer.\n\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93166", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93162", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128", "reference_id": "2005128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-34798.json", "reference_id": "CVE-2021-34798", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-34798.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0891", "reference_id": "RHSA-2022:0891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-34798" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3816?format=api", "vulnerability_id": "VCID-db6k-j9mj-e7hy", "summary": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.\n\nThis issue affects Apache HTTP Server 2.4.17 to 2.4.48.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72839", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.729", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72879", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72917", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72841", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728", "reference_id": "1966728", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-33193.json", "reference_id": "CVE-2021-33193", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-33193.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-33193" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3820?format=api", "vulnerability_id": "VCID-mtg7-8556-kbgd", "summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94432", "scoring_system": "epss", "scoring_elements": "0.99985", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117", "reference_id": "2005117", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ", "reference_id": "cisco-sa-apache-httpd-2.4.49-VWL69sWQ", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-40438.json", "reference_id": "CVE-2021-40438", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-40438.json" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4982", "reference_id": "dsa-4982", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211008-0004/", "reference_id": "ntap-20211008-0004", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "reference_url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E", "reference_id": "r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E", "reference_id": "r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", "reference_id": "r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", "reference_id": "r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", "reference_id": "r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", "reference_id": "r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E", "reference_id": "rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3745", "reference_id": "RHSA-2021:3745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3746", "reference_id": "RHSA-2021:3746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3754", "reference_id": "RHSA-2021:3754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3836", "reference_id": "RHSA-2021:3836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3837", "reference_id": "RHSA-2021:3837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3856", "reference_id": "RHSA-2021:3856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3856" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/", "reference_id": "SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", "reference_id": "ssa-685781.pdf", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2021-17", "reference_id": "tns-2021-17", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://www.tenable.com/security/tns-2021-17" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/", "reference_id": "ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-40438" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3818?format=api", "vulnerability_id": "VCID-rdtq-8ng5-53fn", "summary": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.8792", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87985", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87978", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.8793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87943", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87947", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87968", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124", "reference_id": "2005124", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-36160.json", "reference_id": "CVE-2021-36160", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-36160.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-36160" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3819?format=api", "vulnerability_id": "VCID-wrw6-uzz4-rkfb", "summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. \nNo included modules pass untrusted data to these functions, but third-party / external modules may.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97171", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97199", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97193", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97183", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119", "reference_id": "2005119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-39275.json", "reference_id": "CVE-2021-39275", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-39275.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0891", "reference_id": "RHSA-2022:0891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-39275" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3815?format=api", "vulnerability_id": "VCID-6b7y-562y-suce", "summary": "Apache HTTP Server protocol handler for the HTTP/2 protocol checks received request headers against the size limitations as configured for the server and used for the HTTP/1 protocol as well. On violation of these restrictions and HTTP response is sent to the client with a status code indicating why the request was rejected.\n\nThis rejection response was not fully initialised in the HTTP/2 protocol handler if the offending header was the very first one received or appeared in a a footer. This led to a NULL pointer dereference on initialised memory, crashing reliably the child process. Since such a triggering HTTP/2 request is easy to craft and submit, this can be exploited to DoS the server.\n\nThis issue affected mod_http2 1.15.17 and Apache HTTP Server version 2.4.47 only. Apache HTTP Server 2.4.47 was never released.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93424", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.934", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93416", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93392", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93408", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93425", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11001", "scoring_system": "epss", "scoring_elements": "0.93419", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-26691" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30641" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968013", "reference_id": "1968013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1968013" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/13/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/13/2" }, { "reference_url": "https://seclists.org/oss-sec/2021/q2/206", "reference_id": "206", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://seclists.org/oss-sec/2021/q2/206" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/", "reference_id": "2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2NKJ3ZA3FTSZ2QBBPKS6BYGAWYRABNQQ/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/06/10/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/06/10/9" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562", "reference_id": "989562", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989562" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/", "reference_id": "A73QJ4HPUMU26I6EULG6SCK67TUEXZYR", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/A73QJ4HPUMU26I6EULG6SCK67TUEXZYR/" }, { "reference_url": "https://security.archlinux.org/ASA-202106-23", "reference_id": "ASA-202106-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-23" }, { "reference_url": "https://security.archlinux.org/AVG-2041", "reference_id": "AVG-2041", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2041" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-31618.json", "reference_id": "CVE-2021-31618", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-31618.json" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4937", "reference_id": "dsa-4937", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4937" }, { "reference_url": "https://security.gentoo.org/glsa/202107-38", "reference_id": "GLSA-202107-38", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://security.gentoo.org/glsa/202107-38" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210727-0008/", "reference_id": "ntap-20210727-0008", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210727-0008/" }, { "reference_url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.apache.org/thread.html/r14b66ef0f4f569fd515a3f96cd4eb58bd9a8ff525cc326bb0359664f%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-05-20T16:18:33Z/" } ], "url": "https://lists.apache.org/thread.html/r783b6558abf3305b17ea462bed4bd66d82866438999bf38cef6d11d1%40%3Ccvs.httpd.apache.org%3E" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371900?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.48-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9u53-b79b-cfgd" }, { "vulnerability": "VCID-db6k-j9mj-e7hy" }, { "vulnerability": "VCID-mtg7-8556-kbgd" }, { "vulnerability": "VCID-rdtq-8ng5-53fn" }, { "vulnerability": "VCID-wrw6-uzz4-rkfb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.48-1" } ], "aliases": [ "CVE-2021-31618" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6b7y-562y-suce" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.48-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.49-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.51-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3822?format=api", "vulnerability_id": "VCID-ffpe-1ctd-77e9", "summary": "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.\n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue is known to be exploited in the wild.\n\nThis issue only affects Apache 2.4.49 and not earlier versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94391", "scoring_system": "epss", "scoring_elements": "0.99973", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41773" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/09/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/09/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/16/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/05/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/05/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010757", "reference_id": "2010757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010757" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/15/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/15/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/11/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/11/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/6" }, { "reference_url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html", "reference_id": "Apache-HTTP-Server-2.4.49-Path-Traversal.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html" }, { "reference_url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "https://security.archlinux.org/AVG-2442", "reference_id": "AVG-2442", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2442" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_id": "cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh", "reference_id": "CVE-2021-41773", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-41773.json", "reference_id": "CVE-2021-41773", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-41773.json" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py", "reference_id": "CVE-2021-42013;CVE-2021-41773", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211029-0009/", "reference_id": "ntap-20211029-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211029-0009/" }, { "reference_url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E", "reference_id": "r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_id": "r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E", "reference_id": "r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_id": "rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/", "reference_id": "RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/", "reference_id": "WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371170?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.50-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qn74-neyt-jkg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1" } ], "aliases": [ "CVE-2021-41773" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffpe-1ctd-77e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3821?format=api", "vulnerability_id": "VCID-hj5r-jms3-x3fe", "summary": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91488", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91533", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91534", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91535", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91495", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.9151", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91529", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41524" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934", "reference_id": "2010934", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934" }, { "reference_url": "https://security.archlinux.org/AVG-2442", "reference_id": "AVG-2442", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2442" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-41524.json", "reference_id": "CVE-2021-41524", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-41524.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371170?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.50-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qn74-neyt-jkg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1" } ], "aliases": [ "CVE-2021-41524" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3817?format=api", "vulnerability_id": "VCID-9u53-b79b-cfgd", "summary": "Malformed requests may cause the server to dereference a NULL pointer.\n\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-34798.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93171", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93166", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93172", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93169", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93151", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.1029", "scoring_system": "epss", "scoring_elements": "0.93162", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128", "reference_id": "2005128", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005128" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-34798.json", "reference_id": "CVE-2021-34798", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-34798.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4613", "reference_id": "RHSA-2021:4613", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4614", "reference_id": "RHSA-2021:4614", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4614" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0891", "reference_id": "RHSA-2022:0891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-34798" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9u53-b79b-cfgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3816?format=api", "vulnerability_id": "VCID-db6k-j9mj-e7hy", "summary": "A crafted method sent through HTTP/2 will bypass validation and be forwarded by mod_proxy, which can lead to request splitting or cache poisoning.\n\nThis issue affects Apache HTTP Server 2.4.17 to 2.4.48.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-33193.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33193", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72839", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.729", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72879", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72892", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72917", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72846", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72866", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00739", "scoring_system": "epss", "scoring_elements": "0.72841", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-33193" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33193" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728", "reference_id": "1966728", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966728" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-33193.json", "reference_id": "CVE-2021-33193", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-33193.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-33193" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-db6k-j9mj-e7hy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3820?format=api", "vulnerability_id": "VCID-mtg7-8556-kbgd", "summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-40438.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94432", "scoring_system": "epss", "scoring_elements": "0.99985", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-40438" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117", "reference_id": "2005117", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ", "reference_id": "cisco-sa-apache-httpd-2.4.49-VWL69sWQ", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-40438.json", "reference_id": "CVE-2021-40438", "reference_type": "", "scores": [ { "value": "important", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-40438.json" }, { "reference_url": "https://www.debian.org/security/2021/dsa-4982", "reference_id": "dsa-4982", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://www.debian.org/security/2021/dsa-4982" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html", "reference_id": "msg00001.html", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211008-0004/", "reference_id": "ntap-20211008-0004", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/" }, { "reference_url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E", "reference_id": "r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E", "reference_id": "r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", "reference_id": "r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", "reference_id": "r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", "reference_id": "r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", "reference_id": "r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E", "reference_id": "rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3745", "reference_id": "RHSA-2021:3745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3746", "reference_id": "RHSA-2021:3746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3754", "reference_id": "RHSA-2021:3754", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3754" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3816", "reference_id": "RHSA-2021:3816", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3816" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3836", "reference_id": "RHSA-2021:3836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3837", "reference_id": "RHSA-2021:3837", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3837" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3856", "reference_id": "RHSA-2021:3856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3856" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/", "reference_id": "SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/" }, { "reference_url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", "reference_id": "ssa-685781.pdf", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf" }, { "reference_url": "https://www.tenable.com/security/tns-2021-17", "reference_id": "tns-2021-17", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://www.tenable.com/security/tns-2021-17" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/", "reference_id": "ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R", "reference_type": "", "scores": [ { "value": "9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H" }, { "value": "Attend", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:N/T:T/P:M/B:A/M:M/D:A/2025-02-06T21:08:29Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-40438" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mtg7-8556-kbgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3818?format=api", "vulnerability_id": "VCID-rdtq-8ng5-53fn", "summary": "A carefully crafted request uri-path can cause mod_proxy_uwsgi to read above the allocated memory and crash (DoS).\n\nThis issue affects Apache HTTP Server versions 2.4.30 to 2.4.48 (inclusive).", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-36160.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.8792", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87977", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87974", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87985", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87978", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.8793", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87943", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87947", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03716", "scoring_system": "epss", "scoring_elements": "0.87968", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124", "reference_id": "2005124", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005124" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-36160.json", "reference_id": "CVE-2021-36160", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-36160.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1915", "reference_id": "RHSA-2022:1915", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1915" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-36160" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rdtq-8ng5-53fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3819?format=api", "vulnerability_id": "VCID-wrw6-uzz4-rkfb", "summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. \nNo included modules pass untrusted data to these functions, but third-party / external modules may.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-39275.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97171", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97199", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97193", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97194", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97177", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.37674", "scoring_system": "epss", "scoring_elements": "0.97183", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34798" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36160" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39275" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119", "reference_id": "2005119", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005119" }, { "reference_url": "https://security.archlinux.org/AVG-2289", "reference_id": "AVG-2289", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2289" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-39275.json", "reference_id": "CVE-2021-39275", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-39275.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0143", "reference_id": "RHSA-2022:0143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0891", "reference_id": "RHSA-2022:0891", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0891" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" }, { "reference_url": "https://usn.ubuntu.com/5090-1/", "reference_id": "USN-5090-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-1/" }, { "reference_url": "https://usn.ubuntu.com/5090-2/", "reference_id": "USN-5090-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5090-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371879?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.49-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ffpe-1ctd-77e9" }, { "vulnerability": "VCID-hj5r-jms3-x3fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" } ], "aliases": [ "CVE-2021-39275" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wrw6-uzz4-rkfb" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.49-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371170?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.50-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.50-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.51-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3823?format=api", "vulnerability_id": "VCID-qn74-neyt-jkg9", "summary": "It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. \n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99979", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99978", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42013" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/09/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/09/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/16/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011900", "reference_id": "2011900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011900" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/15/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/15/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/11/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/11/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/6" }, { "reference_url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html" }, { "reference_url": "https://www.povilaika.com/apache-2-4-50-exploit/", "reference_id": "apache-2-4-50-exploit", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://www.povilaika.com/apache-2-4-50-exploit/" }, { "reference_url": "http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html", "reference_id": "Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html" }, { "reference_url": "http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "https://security.archlinux.org/ASA-202110-1", "reference_id": "ASA-202110-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-1" }, { "reference_url": "https://security.archlinux.org/AVG-2450", "reference_id": "AVG-2450", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2450" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_id": "cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh", "reference_id": "CVE-2021-42013", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh", "reference_id": "CVE-2021-42013", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-42013.json", "reference_id": "CVE-2021-42013", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-42013.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "http://jvn.jp/en/jp/JVN51106450/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://jvn.jp/en/jp/JVN51106450/index.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211029-0009/", "reference_id": "ntap-20211029-0009", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211029-0009/" }, { "reference_url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_id": "r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_id": "rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/", "reference_id": "RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/", "reference_id": "WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371171?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.51-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.51-1" } ], "aliases": [ "CVE-2021-42013" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn74-neyt-jkg9" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3822?format=api", "vulnerability_id": "VCID-ffpe-1ctd-77e9", "summary": "A flaw was found in a change made to path normalization in Apache HTTP Server 2.4.49. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives.\n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue is known to be exploited in the wild.\n\nThis issue only affects Apache 2.4.49 and not earlier versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.94391", "scoring_system": "epss", "scoring_elements": "0.99973", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41773" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/09/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/09/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/16/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/05/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/05/2" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010757", "reference_id": "2010757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010757" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/15/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/15/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/11/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/11/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/6" }, { "reference_url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html", "reference_id": "Apache-HTTP-Server-2.4.49-Path-Traversal.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal.html" }, { "reference_url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164418/Apache-HTTP-Server-2.4.49-Path-Traversal-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "https://security.archlinux.org/AVG-2442", "reference_id": "AVG-2442", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2442" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_id": "cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh", "reference_id": "CVE-2021-41773", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50383.sh" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-41773.json", "reference_id": "CVE-2021-41773", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-41773.json" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py", "reference_id": "CVE-2021-42013;CVE-2021-41773", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50512.py" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211029-0009/", "reference_id": "ntap-20211029-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211029-0009/" }, { "reference_url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E", "reference_id": "r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r6abf5f2ba6f1aa8b1030f95367aaf17660c4e4c78cb2338aee18982f%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_id": "r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E", "reference_id": "r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/r98d704ed4377ed889d40479db79ed1ee2f43b2ebdd79ce84b042df45%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_id": "rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/", "reference_id": "RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/", "reference_id": "WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:41:10Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371170?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.50-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qn74-neyt-jkg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1" } ], "aliases": [ "CVE-2021-41773" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffpe-1ctd-77e9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3821?format=api", "vulnerability_id": "VCID-hj5r-jms3-x3fe", "summary": "While fuzzing the 2.4.49 httpd, a new null pointer dereference was detected during HTTP/2 request processing,\nallowing an external source to DoS the server. This requires a specially crafted request. \n\nThe vulnerability was recently introduced in version 2.4.49. No exploit is known to the project.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91488", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91533", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91534", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91535", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91495", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91502", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.9151", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91523", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.07103", "scoring_system": "epss", "scoring_elements": "0.91529", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41524" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934", "reference_id": "2010934", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2010934" }, { "reference_url": "https://security.archlinux.org/AVG-2442", "reference_id": "AVG-2442", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2442" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-41524.json", "reference_id": "CVE-2021-41524", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-41524.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7143", "reference_id": "RHSA-2022:7143", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7144", "reference_id": "RHSA-2022:7144", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7144" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371170?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.50-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qn74-neyt-jkg9" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1" } ], "aliases": [ "CVE-2021-41524" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hj5r-jms3-x3fe" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.50-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371171?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.51-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.51-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.54-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3823?format=api", "vulnerability_id": "VCID-qn74-neyt-jkg9", "summary": "It was found that the fix for CVE-2021-41773 in Apache HTTP Server 2.4.50 was insufficient. An attacker could use a path traversal attack to map URLs to files outside the directories configured by Alias-like directives. \n\nIf files outside of these directories are not protected by the usual default configuration \"require all denied\", these requests can succeed. If CGI scripts are also enabled for these aliased pathes, this could allow for remote code execution.\n\nThis issue only affects Apache 2.4.49 and Apache 2.4.50 and not earlier versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42013.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42013", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99979", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.9441", "scoring_system": "epss", "scoring_elements": "0.99978", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-42013" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/09/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/09/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/16/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/16/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/2", "reference_id": "2", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011900", "reference_id": "2011900", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2011900" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/15/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/15/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/11/4", "reference_id": "4", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/11/4" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/5", "reference_id": "5", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/07/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/07/6" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/10/08/6", "reference_id": "6", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2021/10/08/6" }, { "reference_url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_id": "Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164629/Apache-2.4.49-2.4.50-Traversal-Remote-Code-Execution.html" }, { "reference_url": "https://www.povilaika.com/apache-2-4-50-exploit/", "reference_id": "apache-2-4-50-exploit", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://www.povilaika.com/apache-2-4-50-exploit/" }, { "reference_url": "http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/167397/Apache-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html", "reference_id": "Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/165089/Apache-HTTP-Server-2.4.50-CVE-2021-42013-Exploitation.html" }, { "reference_url": "http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164501/Apache-HTTP-Server-2.4.50-Path-Traversal-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164609/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_id": "Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://packetstormsecurity.com/files/164941/Apache-HTTP-Server-2.4.50-Remote-Code-Execution.html" }, { "reference_url": "https://security.archlinux.org/ASA-202110-1", "reference_id": "ASA-202110-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202110-1" }, { "reference_url": "https://security.archlinux.org/AVG-2450", "reference_id": "AVG-2450", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2450" }, { "reference_url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_id": "cisco-sa-apache-httpd-pathtrv-LAzg68cZ", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-pathtrv-LAzg68cZ" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh", "reference_id": "CVE-2021-42013", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50406.sh" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh", "reference_id": "CVE-2021-42013", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/webapps/50446.sh" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2021-42013.json", "reference_id": "CVE-2021-42013", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2021-42013.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "http://jvn.jp/en/jp/JVN51106450/index.html", "reference_id": "index.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "http://jvn.jp/en/jp/JVN51106450/index.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20211029-0009/", "reference_id": "ntap-20211029-0009", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20211029-0009/" }, { "reference_url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_id": "r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/r17a4c6ce9aff662efd9459e9d1850ab4a611cb23392fc68264c72cb3%40%3Ccvs.httpd.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_id": "r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/r7c795cd45a3384d4d27e57618a215b0ed19cb6ca8eb070061ad5d837%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_id": "rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.apache.org/thread.html/rb5b0e46f179f60b0c70204656bc52fcb558e961cb4d06a971e9e3efb%40%3Cusers.httpd.apache.org%3E" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/", "reference_id": "RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RMIIEFINL6FUIOPD2A3M5XC6DH45Y3CC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/", "reference_id": "WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Act", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-02-04T14:28:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WS5RVHOIIRECG65ZBTZY7IEJVWQSQPG3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371171?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.51-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.51-1" } ], "aliases": [ "CVE-2021-42013" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qn74-neyt-jkg9" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.51-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373212?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.53-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.53-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.54-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3833?format=api", "vulnerability_id": "VCID-4d3t-es7p-9qhn", "summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78114", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78131", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78171", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78146", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.7814", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006", "reference_id": "2095006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", "reference_id": "7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/08/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/08/9" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28615.json", "reference_id": "CVE-2022-28615", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28615.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220624-0005/", "reference_id": "ntap-20220624-0005", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220624-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", "reference_id": "YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-28615" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3834?format=api", "vulnerability_id": "VCID-d36c-rrxh-ybgv", "summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84788", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84806", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84759", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84781", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012", "reference_id": "2095012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-29404.json", "reference_id": "CVE-2022-29404", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-29404.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-29404" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3835?format=api", "vulnerability_id": "VCID-gv84-vfvh-y7hu", "summary": "If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93636", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93638", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93643", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93616", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93625", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93627", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015", "reference_id": "2095015", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-30522.json", "reference_id": "CVE-2022-30522", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-30522.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-30522" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3836?format=api", "vulnerability_id": "VCID-hm3f-m22n-u3gy", "summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66229", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66253", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6626", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6624", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018", "reference_id": "2095018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-30556.json", "reference_id": "CVE-2022-30556", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-30556.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-30556" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3832?format=api", "vulnerability_id": "VCID-na94-5565-dyfc", "summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.\n\nModules compiled and distributed separately from Apache HTTP Server that use the \"ap_rputs\" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69311", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69295", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6922", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6924", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69271", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002", "reference_id": "2095002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28614.json", "reference_id": "CVE-2022-28614", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28614.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-28614" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3837?format=api", "vulnerability_id": "VCID-p2a1-afnh-7qca", "summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.\nThis may be used to bypass IP based authentication on the origin server/application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11369", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11511", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13379", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13305", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020", "reference_id": "2095020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-31813.json", "reference_id": "CVE-2022-31813", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-31813.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-31813" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3830?format=api", "vulnerability_id": "VCID-qm7e-n9ay-hufy", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97321", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97313", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.9732", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997", "reference_id": "2094997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-26377.json", "reference_id": "CVE-2022-26377", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-26377.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-26377" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy" } ], "fixing_vulnerabilities": [], "risk_score": "4.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.53-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.54-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.4.55-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3833?format=api", "vulnerability_id": "VCID-4d3t-es7p-9qhn", "summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28615.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28615", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78114", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78131", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78101", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78153", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78171", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.78146", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01111", "scoring_system": "epss", "scoring_elements": "0.7814", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28615" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28615" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006", "reference_id": "2095006", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095006" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/", "reference_id": "7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2022/06/08/9", "reference_id": "9", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2022/06/08/9" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28615.json", "reference_id": "CVE-2022-28615", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28615.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20220624-0005/", "reference_id": "ntap-20220624-0005", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20220624-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/", "reference_id": "YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:26:06Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-28615" ], "risk_score": 4.1, "exploitability": "0.5", "weighted_severity": "8.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4d3t-es7p-9qhn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3834?format=api", "vulnerability_id": "VCID-d36c-rrxh-ybgv", "summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-29404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84797", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84788", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84806", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84802", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84738", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84757", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84759", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0232", "scoring_system": "epss", "scoring_elements": "0.84781", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-29404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012", "reference_id": "2095012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095012" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-29404.json", "reference_id": "CVE-2022-29404", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-29404.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-29404" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d36c-rrxh-ybgv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3835?format=api", "vulnerability_id": "VCID-gv84-vfvh-y7hu", "summary": "If Apache HTTP Server 2.4.53 is configured to do transformations with mod_sed in contexts where the input to mod_sed may be very large, mod_sed may make excessively large memory allocations and trigger an abort.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30522.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30522", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93644", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93636", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93638", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93643", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93616", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93625", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.11589", "scoring_system": "epss", "scoring_elements": "0.93627", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30522" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015", "reference_id": "2095015", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095015" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-30522.json", "reference_id": "CVE-2022-30522", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-30522.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-30522" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gv84-vfvh-y7hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3836?format=api", "vulnerability_id": "VCID-hm3f-m22n-u3gy", "summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66229", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66253", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66273", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6626", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66195", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66222", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.66192", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00506", "scoring_system": "epss", "scoring_elements": "0.6624", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-30556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30556" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018", "reference_id": "2095018", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095018" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-30556.json", "reference_id": "CVE-2022-30556", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-30556.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-30556" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hm3f-m22n-u3gy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3832?format=api", "vulnerability_id": "VCID-na94-5565-dyfc", "summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function.\n\nModules compiled and distributed separately from Apache HTTP Server that use the \"ap_rputs\" function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-28614.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28614", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69266", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69289", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69311", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69295", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6922", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.6924", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00593", "scoring_system": "epss", "scoring_elements": "0.69271", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-28614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28614" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002", "reference_id": "2095002", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095002" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-28614.json", "reference_id": "CVE-2022-28614", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-28614.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-28614" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-na94-5565-dyfc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3837?format=api", "vulnerability_id": "VCID-p2a1-afnh-7qca", "summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism.\nThis may be used to bypass IP based authentication on the origin server/application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-31813.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31813", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11522", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11369", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11453", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00038", "scoring_system": "epss", "scoring_elements": "0.11511", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13255", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13379", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00043", "scoring_system": "epss", "scoring_elements": "0.13305", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-31813" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31813" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020", "reference_id": "2095020", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2095020" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-31813.json", "reference_id": "CVE-2022-31813", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-31813.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-31813" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2a1-afnh-7qca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3830?format=api", "vulnerability_id": "VCID-qm7e-n9ay-hufy", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.53 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-26377.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26377", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97289", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97287", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.39296", "scoring_system": "epss", "scoring_elements": "0.97288", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97321", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97314", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97308", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.97313", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.3988", "scoring_system": "epss", "scoring_elements": "0.9732", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-26377" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-26377" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513", "reference_id": "1012513", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1012513" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997", "reference_id": "2094997", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2094997" }, { "reference_url": "https://security.archlinux.org/AVG-2763", "reference_id": "AVG-2763", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2763" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-26377.json", "reference_id": "CVE-2022-26377", "reference_type": "", "scores": [ { "value": "moderate", "scoring_system": "apache_httpd", "scoring_elements": "" } ], "url": "https://httpd.apache.org/security/json/CVE-2022-26377.json" }, { "reference_url": "https://security.gentoo.org/glsa/202208-20", "reference_id": "GLSA-202208-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6753", "reference_id": "RHSA-2022:6753", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6753" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:7647", "reference_id": "RHSA-2022:7647", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:7647" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8067", "reference_id": "RHSA-2022:8067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://usn.ubuntu.com/5487-1/", "reference_id": "USN-5487-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-1/" }, { "reference_url": "https://usn.ubuntu.com/5487-3/", "reference_id": "USN-5487-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5487-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373213?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" } ], "aliases": [ "CVE-2022-26377" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qm7e-n9ay-hufy" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371052?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.54-3", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.54-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.4.55-1", "latest_non_vulnerable_version": "2.4.55-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3838?format=api", "vulnerability_id": "VCID-6qk8-1cj1-4fh7", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52508", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52528", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52573", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52558", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52481", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", "reference_id": "2161777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-36760.json", "reference_id": "CVE-2022-36760", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2022-36760.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://usn.ubuntu.com/5834-1/", "reference_id": "USN-5834-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5834-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371053?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.55-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1" } ], "aliases": [ "CVE-2022-36760" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3691?format=api", "vulnerability_id": "VCID-fz8c-b8r4-1yb8", "summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63051", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63157", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63191", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6314", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63105", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774", "reference_id": "2161774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2006-20001.json", "reference_id": "CVE-2006-20001", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2006-20001.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://usn.ubuntu.com/5834-1/", "reference_id": "USN-5834-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5834-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371053?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.55-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1" } ], "aliases": [ "CVE-2006-20001" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3839?format=api", "vulnerability_id": "VCID-htfx-mahy-9kde", "summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64237", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64235", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64196", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64275", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64264", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64208", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", "reference_id": "2161773", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-37436.json", "reference_id": "CVE-2022-37436", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2022-37436.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-2/", "reference_id": "USN-5839-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371053?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.55-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1" } ], "aliases": [ "CVE-2022-37436" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.54-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/371053?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.55-1", "type": "alpm", "namespace": "archlinux", "name": "apache", "version": "2.4.55-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3838?format=api", "vulnerability_id": "VCID-6qk8-1cj1-4fh7", "summary": "Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') vulnerability in mod_proxy_ajp of Apache HTTP Server allows an attacker to smuggle requests to the AJP server it forwards requests to. This issue affects Apache HTTP Server Apache HTTP Server 2.4 version 2.4.54 and prior versions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-36760.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52542", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52508", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52475", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52528", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52522", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52573", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52558", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00291", "scoring_system": "epss", "scoring_elements": "0.52481", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777", "reference_id": "2161777", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161777" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-36760.json", "reference_id": "CVE-2022-36760", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2022-36760.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://usn.ubuntu.com/5834-1/", "reference_id": "USN-5834-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5834-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371053?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.55-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1" } ], "aliases": [ "CVE-2022-36760" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6qk8-1cj1-4fh7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3691?format=api", "vulnerability_id": "VCID-fz8c-b8r4-1yb8", "summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2006-20001.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63051", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63154", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63157", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63174", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63191", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63176", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6311", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.6314", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00439", "scoring_system": "epss", "scoring_elements": "0.63105", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774", "reference_id": "2161774", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161774" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2006-20001.json", "reference_id": "CVE-2006-20001", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2006-20001.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://usn.ubuntu.com/5834-1/", "reference_id": "USN-5834-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5834-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371053?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.55-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1" } ], "aliases": [ "CVE-2006-20001" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fz8c-b8r4-1yb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3839?format=api", "vulnerability_id": "VCID-htfx-mahy-9kde", "summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-37436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64237", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64235", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64196", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64246", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64262", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64275", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64264", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00463", "scoring_system": "epss", "scoring_elements": "0.64208", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-20001" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-36760" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-37436" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25690" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27522" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773", "reference_id": "2161773", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2161773" }, { "reference_url": "https://security.archlinux.org/AVG-2824", "reference_id": "AVG-2824", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2824" }, { "reference_url": "https://httpd.apache.org/security/json/CVE-2022-37436.json", "reference_id": "CVE-2022-37436", "reference_type": "", "scores": [], "url": "https://httpd.apache.org/security/json/CVE-2022-37436.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0852", "reference_id": "RHSA-2023:0852", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0852" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0970", "reference_id": "RHSA-2023:0970", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0970" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://usn.ubuntu.com/5839-1/", "reference_id": "USN-5839-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-1/" }, { "reference_url": "https://usn.ubuntu.com/5839-2/", "reference_id": "USN-5839-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5839-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371053?format=api", "purl": "pkg:alpm/archlinux/apache@2.4.55-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1" } ], "aliases": [ "CVE-2022-37436" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-htfx-mahy-9kde" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apache@2.4.55-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374484?format=api", "purl": "pkg:alpm/archlinux/apr@1.6.2-1", "type": "alpm", "namespace": "archlinux", "name": "apr", "version": "1.6.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.3-1", "latest_non_vulnerable_version": "1.6.3-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83867?format=api", "vulnerability_id": "VCID-jdxe-krj9-8kax", "summary": "apr: Out-of-bounds array deref in apr_time_exp*() functions", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48167", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48234", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48176", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4823", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48224", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48225", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:M/C:P/I:N/A:P" }, { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html" }, { "reference_url": "https://svn.apache.org/viewvc?view=revision&revision=1807976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=revision&revision=1807976" }, { "reference_url": "http://www.apache.org/dist/apr/Announcement1.x.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.apache.org/dist/apr/Announcement1.x.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/08/23/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1" }, { "reference_url": "http://www.securityfocus.com/bid/101560", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101560" }, { "reference_url": "http://www.securitytracker.com/id/1042004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1042004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523", "reference_id": "1506523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708", "reference_id": "879708", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708" }, { "reference_url": "https://security.archlinux.org/ASA-201710-32", "reference_id": "ASA-201710-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-32" }, { "reference_url": "https://security.archlinux.org/AVG-469", "reference_id": "AVG-469", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-469" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613", "reference_id": "CVE-2017-12613", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3270", "reference_id": "RHSA-2017:3270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3270" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0316", "reference_id": "RHSA-2018:0316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1253", "reference_id": "RHSA-2018:1253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374485?format=api", "purl": "pkg:alpm/archlinux/apr@1.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.3-1" } ], "aliases": [ "CVE-2017-12613" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdxe-krj9-8kax" } ], "fixing_vulnerabilities": [], "risk_score": "3.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374485?format=api", "purl": "pkg:alpm/archlinux/apr@1.6.3-1", "type": "alpm", "namespace": "archlinux", "name": "apr", "version": "1.6.3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83867?format=api", "vulnerability_id": "VCID-jdxe-krj9-8kax", "summary": "apr: Out-of-bounds array deref in apr_time_exp*() functions", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0465" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0466" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12613.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12613", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48167", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48234", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48176", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.4823", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48224", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48249", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48223", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48205", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0025", "scoring_system": "epss", "scoring_elements": "0.48225", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12613" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12613" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:M/C:P/I:N/A:P" }, { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/12489f2e4a9f9d390235c16298aca0d20658789de80d553513977f13%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/r270dd5022db194b78acaf509216a33c85f3da43757defa05cc766339%40%3Ccommits.apr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra2868b53339a6af65577146ad87016368c138388b09bff9d2860f50e%40%3Cdev.apr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/ra38094406cc38a05218ebd1158187feda021b0c3a1df400bbf296af8%40%3Cdev.apr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rb1f3c85f50fbd924a0051675118d1609e57957a02ece7facb723155b%40%3Cannounce.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.apache.org/thread.html/rcc48a0acebbd74bbdeebc02ff228bb72c0631b21823fffe27d4691e9%40%3Ccommits.apr.apache.org%3E" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00005.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2022/01/msg00023.html" }, { "reference_url": "https://svn.apache.org/viewvc?view=revision&revision=1807976", "reference_id": "", "reference_type": "", "scores": [], "url": "https://svn.apache.org/viewvc?view=revision&revision=1807976" }, { "reference_url": "http://www.apache.org/dist/apr/Announcement1.x.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.apache.org/dist/apr/Announcement1.x.html" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2021/08/23/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2021/08/23/1" }, { "reference_url": "http://www.securityfocus.com/bid/101560", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101560" }, { "reference_url": "http://www.securitytracker.com/id/1042004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1042004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523", "reference_id": "1506523", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506523" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708", "reference_id": "879708", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879708" }, { "reference_url": "https://security.archlinux.org/ASA-201710-32", "reference_id": "ASA-201710-32", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-32" }, { "reference_url": "https://security.archlinux.org/AVG-469", "reference_id": "AVG-469", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-469" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613", "reference_id": "CVE-2017-12613", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:P" }, { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12613" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3270", "reference_id": "RHSA-2017:3270", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3270" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3475", "reference_id": "RHSA-2017:3475", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3475" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3476", "reference_id": "RHSA-2017:3476", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3476" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:3477", "reference_id": "RHSA-2017:3477", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:3477" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:0316", "reference_id": "RHSA-2018:0316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:0316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1253", "reference_id": "RHSA-2018:1253", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:1253" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374485?format=api", "purl": "pkg:alpm/archlinux/apr@1.6.3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.3-1" } ], "aliases": [ "CVE-2017-12613" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jdxe-krj9-8kax" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.6.3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/370975?format=api", "purl": "pkg:alpm/archlinux/apr@1.7.0-3", "type": "alpm", "namespace": "archlinux", "name": "apr", "version": "1.7.0-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80069?format=api", "vulnerability_id": "VCID-xz52-5z1u-cuf9", "summary": "apr: Regression of CVE-2017-12613 fix in apr 1.7", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-35940.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35940", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17825", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17918", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17874", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17999", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.18054", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17754", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17842", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00057", "scoring_system": "epss", "scoring_elements": "0.17903", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-35940" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35940" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980328", "reference_id": "1980328", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1980328" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789", "reference_id": "992789", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992789" }, { "reference_url": "https://security.archlinux.org/AVG-2313", "reference_id": "AVG-2313", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2313" }, { "reference_url": "https://usn.ubuntu.com/5056-1/", "reference_id": "USN-5056-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5056-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2021-35940" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xz52-5z1u-cuf9" } ], "fixing_vulnerabilities": [], "risk_score": "3.2", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr@1.7.0-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374959?format=api", "purl": "pkg:alpm/archlinux/apr-util@1.6.0-1", "type": "alpm", "namespace": "archlinux", "name": "apr-util", "version": "1.6.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.6.1-1", "latest_non_vulnerable_version": "1.6.1-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83868?format=api", "vulnerability_id": "VCID-8d91-nmr2-hbg7", "summary": "apr-util: Out-of-bounds access in corrupted SDBM database", "references": [ { "reference_url": "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45162", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45242", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45264", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45261", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52748", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52798", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52782", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:M/C:N/I:N/A:P" }, { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html" }, { "reference_url": "http://www.securityfocus.com/bid/101558", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101558" }, { "reference_url": "http://www.securitytracker.com/id/1042004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1042004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506532", "reference_id": "1506532", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506532" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996", "reference_id": "879996", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996" }, { "reference_url": "https://security.archlinux.org/ASA-201710-33", "reference_id": "ASA-201710-33", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-33" }, { "reference_url": "https://security.archlinux.org/AVG-468", "reference_id": "AVG-468", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-468" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12618", "reference_id": "CVE-2017-12618", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12618" }, { "reference_url": "https://usn.ubuntu.com/5737-1/", "reference_id": "USN-5737-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5737-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374960?format=api", "purl": "pkg:alpm/archlinux/apr-util@1.6.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.1-1" } ], "aliases": [ "CVE-2017-12618" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8d91-nmr2-hbg7" } ], "fixing_vulnerabilities": [], "risk_score": "2.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374960?format=api", "purl": "pkg:alpm/archlinux/apr-util@1.6.1-1", "type": "alpm", "namespace": "archlinux", "name": "apr-util", "version": "1.6.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83868?format=api", "vulnerability_id": "VCID-8d91-nmr2-hbg7", "summary": "apr-util: Out-of-bounds access in corrupted SDBM database", "references": [ { "reference_url": "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mail-archives.apache.org/mod_mbox/apr-dev/201710.mbox/%3CCACsi252POs4toeJJciwg09_eu2cO3XFg%3DUqsPjXsfjDoeC3-UQ%40mail.gmail.com%3E" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-12618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45162", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45242", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45264", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45206", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00225", "scoring_system": "epss", "scoring_elements": "0.45261", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52765", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52748", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52798", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00295", "scoring_system": "epss", "scoring_elements": "0.52782", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-12618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "1.4", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:M/C:N/I:N/A:P" }, { "value": "2.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00006.html" }, { "reference_url": "http://www.securityfocus.com/bid/101558", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101558" }, { "reference_url": "http://www.securitytracker.com/id/1042004", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1042004" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506532", "reference_id": "1506532", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506532" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996", "reference_id": "879996", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879996" }, { "reference_url": "https://security.archlinux.org/ASA-201710-33", "reference_id": "ASA-201710-33", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-33" }, { "reference_url": "https://security.archlinux.org/AVG-468", "reference_id": "AVG-468", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-468" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.14:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.15:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.17:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.18:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.19:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.20:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:0.9.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.0.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.1.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.2.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.11:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.12:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.13:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.3.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.5.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:portable_runtime_utility:1.6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12618", "reference_id": "CVE-2017-12618", "reference_type": "", "scores": [ { "value": "1.9", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12618" }, { "reference_url": "https://usn.ubuntu.com/5737-1/", "reference_id": "USN-5737-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5737-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374960?format=api", "purl": "pkg:alpm/archlinux/apr-util@1.6.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.1-1" } ], "aliases": [ "CVE-2017-12618" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8d91-nmr2-hbg7" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/apr-util@1.6.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372072?format=api", "purl": "pkg:alpm/archlinux/argocd@2.0.1-1", "type": "alpm", "namespace": "archlinux", "name": "argocd", "version": "2.0.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80271?format=api", "vulnerability_id": "VCID-bpzz-9qe3-2kdg", "summary": "argocd: ServiceAccount argocd-argocd-server is able to read all resources of the whole cluster", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3557.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3557.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3557", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39861", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40009", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39955", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40008", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40021", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.40032", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39995", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00182", "scoring_system": "epss", "scoring_elements": "0.39975", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3557" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961929", "reference_id": "1961929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961929" }, { "reference_url": "https://security.archlinux.org/AVG-1973", "reference_id": "AVG-1973", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1973" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2053", "reference_id": "RHSA-2021:2053", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2053" } ], "fixed_packages": [], "aliases": [ "CVE-2021-3557" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bpzz-9qe3-2kdg" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/argocd@2.0.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373097?format=api", "purl": "pkg:alpm/archlinux/ark@16.12.0-1", "type": "alpm", "namespace": "archlinux", "name": "ark", "version": "16.12.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "16.12.1-1", "latest_non_vulnerable_version": "20.08.0-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36095?format=api", "vulnerability_id": "VCID-ffje-day6-8qg2", "summary": "A vulnerability in Ark might allow remote attackers to execute\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66912", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66923", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66876", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66875", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5330" }, { "reference_url": "https://bugs.kde.org/show_bug.cgi?id=374572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.kde.org/show_bug.cgi?id=374572" }, { "reference_url": "https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/10/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/2" }, { "reference_url": "http://www.securityfocus.com/bid/95349", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95349" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411819", "reference_id": "1411819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411819" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874", "reference_id": "850874", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874" }, { "reference_url": "https://security.archlinux.org/ASA-201701-18", "reference_id": "ASA-201701-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-18" }, { "reference_url": "https://security.archlinux.org/AVG-130", "reference_id": "AVG-130", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-130" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5330", "reference_id": "CVE-2017-5330", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5330" }, { "reference_url": "https://security.gentoo.org/glsa/201701-69", "reference_id": "GLSA-201701-69", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373098?format=api", "purl": "pkg:alpm/archlinux/ark@16.12.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.1-1" } ], "aliases": [ "CVE-2017-5330" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffje-day6-8qg2" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373098?format=api", "purl": "pkg:alpm/archlinux/ark@16.12.1-1", "type": "alpm", "namespace": "archlinux", "name": "ark", "version": "16.12.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "20.08.0-2", "latest_non_vulnerable_version": "20.08.0-2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36095?format=api", "vulnerability_id": "VCID-ffje-day6-8qg2", "summary": "A vulnerability in Ark might allow remote attackers to execute\n arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5330.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5330.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5330", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66837", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66912", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66923", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66937", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66957", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66943", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66876", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66902", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00523", "scoring_system": "epss", "scoring_elements": "0.66875", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-5330" }, { "reference_url": "https://bugs.kde.org/show_bug.cgi?id=374572", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugs.kde.org/show_bug.cgi?id=374572" }, { "reference_url": "https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cgit.kde.org/ark.git/commit/?id=82fdfd24d46966a117fa625b68784735a40f9065" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5330" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:H/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NIMZUCG6IQR5S65IVQOXQFQV7TMVSYAT/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/01/10/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/01/10/2" }, { "reference_url": "http://www.securityfocus.com/bid/95349", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95349" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411819", "reference_id": "1411819", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411819" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874", "reference_id": "850874", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=850874" }, { "reference_url": "https://security.archlinux.org/ASA-201701-18", "reference_id": "ASA-201701-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-18" }, { "reference_url": "https://security.archlinux.org/AVG-130", "reference_id": "AVG-130", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-130" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:kde:ark:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5330", "reference_id": "CVE-2017-5330", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-5330" }, { "reference_url": "https://security.gentoo.org/glsa/201701-69", "reference_id": "GLSA-201701-69", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-69" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373098?format=api", "purl": "pkg:alpm/archlinux/ark@16.12.1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.1-1" } ], "aliases": [ "CVE-2017-5330" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffje-day6-8qg2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@16.12.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372333?format=api", "purl": "pkg:alpm/archlinux/ark@20.08.0-1", "type": "alpm", "namespace": "archlinux", "name": "ark", "version": "20.08.0-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "20.08.0-2", "latest_non_vulnerable_version": "20.08.0-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34685?format=api", "vulnerability_id": "VCID-1573-ctpz-bfhh", "summary": "Ark was found to allow arbitrary file overwrite, possibly allowing\n arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24654.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.7458", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74584", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74585", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74654", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74626", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880358", "reference_id": "1880358", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880358" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969437", "reference_id": "969437", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969437" }, { "reference_url": "https://security.archlinux.org/ASA-202009-2", "reference_id": "ASA-202009-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202009-2" }, { "reference_url": "https://security.archlinux.org/AVG-1216", "reference_id": "AVG-1216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1216" }, { "reference_url": "https://security.gentoo.org/glsa/202010-06", "reference_id": "GLSA-202010-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202010-06" }, { "reference_url": "https://security.gentoo.org/glsa/202101-06", "reference_id": "GLSA-202101-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-06" }, { "reference_url": "https://usn.ubuntu.com/4482-1/", "reference_id": "USN-4482-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4482-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372334?format=api", "purl": "pkg:alpm/archlinux/ark@20.08.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-2" } ], "aliases": [ "CVE-2020-24654" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1573-ctpz-bfhh" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372334?format=api", "purl": "pkg:alpm/archlinux/ark@20.08.0-2", "type": "alpm", "namespace": "archlinux", "name": "ark", "version": "20.08.0-2", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34685?format=api", "vulnerability_id": "VCID-1573-ctpz-bfhh", "summary": "Ark was found to allow arbitrary file overwrite, possibly allowing\n arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24654.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-24654.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24654", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.7458", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74584", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74611", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74585", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74617", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74631", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74654", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74634", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00835", "scoring_system": "epss", "scoring_elements": "0.74626", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-24654" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24654" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880358", "reference_id": "1880358", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1880358" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969437", "reference_id": "969437", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969437" }, { "reference_url": "https://security.archlinux.org/ASA-202009-2", "reference_id": "ASA-202009-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202009-2" }, { "reference_url": "https://security.archlinux.org/AVG-1216", "reference_id": "AVG-1216", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1216" }, { "reference_url": "https://security.gentoo.org/glsa/202010-06", "reference_id": "GLSA-202010-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202010-06" }, { "reference_url": "https://security.gentoo.org/glsa/202101-06", "reference_id": "GLSA-202101-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202101-06" }, { "reference_url": "https://usn.ubuntu.com/4482-1/", "reference_id": "USN-4482-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4482-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372334?format=api", "purl": "pkg:alpm/archlinux/ark@20.08.0-2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-2" } ], "aliases": [ "CVE-2020-24654" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1573-ctpz-bfhh" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/ark@20.08.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373657?format=api", "purl": "pkg:alpm/archlinux/arpwatch@3.1-1", "type": "alpm", "namespace": "archlinux", "name": "arpwatch", "version": "3.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80202?format=api", "vulnerability_id": "VCID-h9sw-exyc-67dz", "summary": "arpwatch: Local privilege escalation from runtime user to root", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25321.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08633", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08733", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0871", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.0866", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08709", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08632", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08707", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08732", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-25321" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977090", "reference_id": "1977090", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1977090" }, { "reference_url": "https://security.archlinux.org/AVG-2110", "reference_id": "AVG-2110", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2110" } ], "fixed_packages": [], "aliases": [ "CVE-2021-25321" ], "risk_score": 3.3, "exploitability": "0.5", "weighted_severity": "6.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h9sw-exyc-67dz" } ], "fixing_vulnerabilities": [], "risk_score": "3.3", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/arpwatch@3.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373201?format=api", "purl": "pkg:alpm/archlinux/aspell@0.60.8-2", "type": "alpm", "namespace": "archlinux", "name": "aspell", "version": "0.60.8-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.60.8-3", "latest_non_vulnerable_version": "0.60.8-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30950?format=api", "vulnerability_id": "VCID-rtxt-2zns-byan", "summary": "A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25051.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-25051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1377", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13855", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13819", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13905", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13962", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13764", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13846", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13898", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-25051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984066", "reference_id": "1984066", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984066" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307", "reference_id": "991307", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307" }, { "reference_url": "https://security.archlinux.org/AVG-2178", "reference_id": "AVG-2178", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2178" }, { "reference_url": "https://security.gentoo.org/glsa/202402-31", "reference_id": "GLSA-202402-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1808", "reference_id": "RHSA-2022:1808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1808" }, { "reference_url": "https://usn.ubuntu.com/5023-1/", "reference_id": "USN-5023-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5023-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373202?format=api", "purl": "pkg:alpm/archlinux/aspell@0.60.8-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-3" } ], "aliases": [ "CVE-2019-25051" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rtxt-2zns-byan" } ], "fixing_vulnerabilities": [], "risk_score": "3.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373202?format=api", "purl": "pkg:alpm/archlinux/aspell@0.60.8-3", "type": "alpm", "namespace": "archlinux", "name": "aspell", "version": "0.60.8-3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/30950?format=api", "vulnerability_id": "VCID-rtxt-2zns-byan", "summary": "A vulnerability has been discovered in GNU Aspell which leads to a heap buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25051.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-25051.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-25051", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.1377", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13855", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13819", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13905", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13962", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13764", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13846", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.13898", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-25051" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17544" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-25051" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984066", "reference_id": "1984066", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1984066" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307", "reference_id": "991307", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991307" }, { "reference_url": "https://security.archlinux.org/AVG-2178", "reference_id": "AVG-2178", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2178" }, { "reference_url": "https://security.gentoo.org/glsa/202402-31", "reference_id": "GLSA-202402-31", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-31" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1808", "reference_id": "RHSA-2022:1808", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1808" }, { "reference_url": "https://usn.ubuntu.com/5023-1/", "reference_id": "USN-5023-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5023-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373202?format=api", "purl": "pkg:alpm/archlinux/aspell@0.60.8-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-3" } ], "aliases": [ "CVE-2019-25051" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rtxt-2zns-byan" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspell@0.60.8-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/373688?format=api", "purl": "pkg:alpm/archlinux/aspnet-runtime@5.0.6.sdk203-1", "type": "alpm", "namespace": "archlinux", "name": "aspnet-runtime", "version": "5.0.6.sdk203-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "5.0.7.sdk204-1", "latest_non_vulnerable_version": "5.0.7.sdk204-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34408?format=api", "vulnerability_id": "VCID-mkvc-qau4-tqcd", "summary": "# Withdrawn\n\nThis advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory.\n\nThe underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.\n\n# Description.\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\n\n\n### Patches\n\n* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n\n* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n\n\n#### Other Details\n\n- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188\n- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369\n- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91323", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91324", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91322", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91315", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91308", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91296", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91289", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91274", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31957" }, { "reference_url": "https://github.com/dotnet/aspnetcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/aspnetcore" }, { "reference_url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31957", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31957" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966990", "reference_id": "1966990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966990" }, { "reference_url": "https://security.archlinux.org/ASA-202106-37", "reference_id": "ASA-202106-37", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-37" }, { "reference_url": "https://security.archlinux.org/AVG-2046", "reference_id": "AVG-2046", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2046" }, { "reference_url": "https://github.com/advisories/GHSA-mcwm-2wmc-6hv4", "reference_id": "GHSA-mcwm-2wmc-6hv4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mcwm-2wmc-6hv4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2350", "reference_id": "RHSA-2021:2350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2351", "reference_id": "RHSA-2021:2351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2352", "reference_id": "RHSA-2021:2352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2353", "reference_id": "RHSA-2021:2353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2353" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373689?format=api", "purl": "pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1" } ], "aliases": [ "CVE-2021-31957", "GHSA-mcwm-2wmc-6hv4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkvc-qau4-tqcd" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.6.sdk203-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373689?format=api", "purl": "pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1", "type": "alpm", "namespace": "archlinux", "name": "aspnet-runtime", "version": "5.0.7.sdk204-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34408?format=api", "vulnerability_id": "VCID-mkvc-qau4-tqcd", "summary": "# Withdrawn\n\nThis advisory was initially published and mapped incorrectly to nuget `Microsoft.NETCore.App.Ref`. We later reanalyzed this advisory and found it does not have a direct mapping to a NuGet package. Thus we have withdrawn this advisory.\n\nThe underlying ASP.NET Core Denial of Service Vulnerability and CVE-2021-31957 remain legitimate.\n\n# Description.\n\nMicrosoft is releasing this security advisory to provide information about a vulnerability in .NET 5.0 and .NET Core 3.1. This advisory also provides guidance on what developers can do to update their applications to remove this vulnerability.\n\nA denial of service vulnerability exists when ASP.NET Core improperly handles client disconnect. An attacker who successfully exploited this vulnerability could cause a denial of service against an ASP.NET Core web application. The vulnerability can be exploited remotely, without authentication.\n\n\n### Patches\n\n* If you're using .NET 5.0, you should download and install Runtime 5.0.7 or SDK 5.0.204 (for Visual Studio 2019 v16.8) or SDK 5.0.301 (for Visual Studio 2019 16.10) from https://dotnet.microsoft.com/download/dotnet-core/5.0.\n\n* If you're using .NET Core 3.1, you should download and install Runtime 3.1.16 or SDK 3.1.116 (for Visual Studio 2019 v16.4) or 3.1.410 (for Visual Studio 2019 v16.5 or later) from https://dotnet.microsoft.com/download/dotnet-core/3.1.\n\n\n\n#### Other Details\n\n- Announcement for this issue can be found at https://github.com/dotnet/announcements/issues/188\n- An Issue for this can be found at https://github.com/dotnet/aspnetcore/issues/33369\n- MSRC details for this can be found at https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2021-31957", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-31957.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31957", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91323", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91324", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91322", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91315", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91308", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91296", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91289", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91279", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.068", "scoring_system": "epss", "scoring_elements": "0.91274", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-31957" }, { "reference_url": "https://github.com/dotnet/aspnetcore", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/aspnetcore" }, { "reference_url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/dotnet/aspnetcore/security/advisories/GHSA-mcwm-2wmc-6hv4" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4PRVVLXXQEF4SEJOBV3VRJHGX7YHY2CG/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CVCDYIP4A6DDRT7G6P3ZW6PKNK2DNWJ2/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PMHWHRRYDHKM6BIINW5V7OCSW4SDWB4W/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VMAO4NG2OQ4PCXUQWMNSCMYWLIJJY6UY/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31957", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31957" }, { "reference_url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-31957" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966990", "reference_id": "1966990", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1966990" }, { "reference_url": "https://security.archlinux.org/ASA-202106-37", "reference_id": "ASA-202106-37", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-37" }, { "reference_url": "https://security.archlinux.org/AVG-2046", "reference_id": "AVG-2046", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2046" }, { "reference_url": "https://github.com/advisories/GHSA-mcwm-2wmc-6hv4", "reference_id": "GHSA-mcwm-2wmc-6hv4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-mcwm-2wmc-6hv4" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2350", "reference_id": "RHSA-2021:2350", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2350" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2351", "reference_id": "RHSA-2021:2351", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2351" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2352", "reference_id": "RHSA-2021:2352", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2352" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2353", "reference_id": "RHSA-2021:2353", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2353" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373689?format=api", "purl": "pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1" } ], "aliases": [ "CVE-2021-31957", "GHSA-mcwm-2wmc-6hv4" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mkvc-qau4-tqcd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aspnet-runtime@5.0.7.sdk204-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374159?format=api", "purl": "pkg:alpm/archlinux/atftp@0.7.2-2", "type": "alpm", "namespace": "archlinux", "name": "atftp", "version": "0.7.2-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.7.2-3", "latest_non_vulnerable_version": "0.7.5-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94617?format=api", "vulnerability_id": "VCID-r2dj-7m5m-7fgq", "summary": "An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52272", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52168", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52212", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52257", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52252", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52303", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066", "reference_id": "970066", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066" }, { "reference_url": "https://security.archlinux.org/ASA-202101-24", "reference_id": "ASA-202101-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-24" }, { "reference_url": "https://security.archlinux.org/AVG-1395", "reference_id": "AVG-1395", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1395" }, { "reference_url": "https://usn.ubuntu.com/6334-1/", "reference_id": "USN-6334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6334-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374160?format=api", "purl": "pkg:alpm/archlinux/atftp@0.7.2-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-3" } ], "aliases": [ "CVE-2020-6097" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2dj-7m5m-7fgq" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/374160?format=api", "purl": "pkg:alpm/archlinux/atftp@0.7.2-3", "type": "alpm", "namespace": "archlinux", "name": "atftp", "version": "0.7.2-3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "0.7.5-1", "latest_non_vulnerable_version": "0.7.5-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94617?format=api", "vulnerability_id": "VCID-r2dj-7m5m-7fgq", "summary": "An exploitable denial of service vulnerability exists in the atftpd daemon functionality of atftp 0.7.git20120829-3.1+b1. A specially crafted sequence of RRQ-Multicast requests trigger an assert() call resulting in denial-of-service. An attacker can send a sequence of malicious packets to trigger this vulnerability.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6097", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52272", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52286", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52168", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52212", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52239", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52203", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52257", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52252", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00288", "scoring_system": "epss", "scoring_elements": "0.52303", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6097" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6097" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066", "reference_id": "970066", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=970066" }, { "reference_url": "https://security.archlinux.org/ASA-202101-24", "reference_id": "ASA-202101-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202101-24" }, { "reference_url": "https://security.archlinux.org/AVG-1395", "reference_id": "AVG-1395", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1395" }, { "reference_url": "https://usn.ubuntu.com/6334-1/", "reference_id": "USN-6334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6334-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374160?format=api", "purl": "pkg:alpm/archlinux/atftp@0.7.2-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-3" } ], "aliases": [ "CVE-2020-6097" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2dj-7m5m-7fgq" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.2-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/373469?format=api", "purl": "pkg:alpm/archlinux/atftp@0.7.4-1", "type": "alpm", "namespace": "archlinux", "name": "atftp", "version": "0.7.4-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.7.5-1", "latest_non_vulnerable_version": "0.7.5-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94915?format=api", "vulnerability_id": "VCID-8gv8-qwdd-5fd2", "summary": "tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65258", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65285", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65176", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65251", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65217", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65267", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.6528", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65298", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41054" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895", "reference_id": "994895", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895" }, { "reference_url": "https://security.archlinux.org/AVG-2381", "reference_id": "AVG-2381", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2381" }, { "reference_url": "https://usn.ubuntu.com/6334-1/", "reference_id": "USN-6334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6334-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373470?format=api", "purl": "pkg:alpm/archlinux/atftp@0.7.5-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.5-1" } ], "aliases": [ "CVE-2021-41054" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gv8-qwdd-5fd2" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373470?format=api", "purl": "pkg:alpm/archlinux/atftp@0.7.5-1", "type": "alpm", "namespace": "archlinux", "name": "atftp", "version": "0.7.5-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94915?format=api", "vulnerability_id": "VCID-8gv8-qwdd-5fd2", "summary": "tftpd_file.c in atftp through 0.7.4 has a buffer overflow because buffer-size handling does not properly consider the combination of data, OACK, and other options.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41054", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65258", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65285", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65176", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65226", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65251", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65217", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65267", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.6528", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00484", "scoring_system": "epss", "scoring_elements": "0.65298", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-41054" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41054", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41054" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895", "reference_id": "994895", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=994895" }, { "reference_url": "https://security.archlinux.org/AVG-2381", "reference_id": "AVG-2381", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2381" }, { "reference_url": "https://usn.ubuntu.com/6334-1/", "reference_id": "USN-6334-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6334-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373470?format=api", "purl": "pkg:alpm/archlinux/atftp@0.7.5-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.5-1" } ], "aliases": [ "CVE-2021-41054" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8gv8-qwdd-5fd2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atftp@0.7.5-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373576?format=api", "purl": "pkg:alpm/archlinux/atomicparsley@20210617.200601.1ac7c08-1", "type": "alpm", "namespace": "archlinux", "name": "atomicparsley", "version": "20210617.200601.1ac7c08-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "20210715.151551.e7ad03a-1", "latest_non_vulnerable_version": "20210715.151551.e7ad03a-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35808?format=api", "vulnerability_id": "VCID-w4tx-u3hz-qqet", "summary": "Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69188", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69123", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69138", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69159", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.6914", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.6919", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69209", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69231", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69217", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37232" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366", "reference_id": "993366", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366" }, { "reference_url": "https://security.archlinux.org/AVG-2253", "reference_id": "AVG-2253", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2253" }, { "reference_url": "https://security.gentoo.org/glsa/202305-01", "reference_id": "GLSA-202305-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373577?format=api", "purl": "pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1" } ], "aliases": [ "CVE-2021-37232" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4tx-u3hz-qqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35807?format=api", "vulnerability_id": "VCID-wbxk-gdmk-yudc", "summary": "Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5684", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56956", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56932", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56983", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56986", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56994", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56974", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372", "reference_id": "993372", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375", "reference_id": "993375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375" }, { "reference_url": "https://security.archlinux.org/AVG-2253", "reference_id": "AVG-2253", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2253" }, { "reference_url": "https://security.gentoo.org/glsa/202305-01", "reference_id": "GLSA-202305-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373577?format=api", "purl": "pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1" } ], "aliases": [ "CVE-2021-37231" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbxk-gdmk-yudc" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210617.200601.1ac7c08-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373577?format=api", "purl": "pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1", "type": "alpm", "namespace": "archlinux", "name": "atomicparsley", "version": "20210715.151551.e7ad03a-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35808?format=api", "vulnerability_id": "VCID-w4tx-u3hz-qqet", "summary": "Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37232", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69188", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69123", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69138", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69159", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.6914", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.6919", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69209", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69231", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0059", "scoring_system": "epss", "scoring_elements": "0.69217", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37232" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37232" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366", "reference_id": "993366", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993366" }, { "reference_url": "https://security.archlinux.org/AVG-2253", "reference_id": "AVG-2253", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2253" }, { "reference_url": "https://security.gentoo.org/glsa/202305-01", "reference_id": "GLSA-202305-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373577?format=api", "purl": "pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1" } ], "aliases": [ "CVE-2021-37232" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w4tx-u3hz-qqet" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35807?format=api", "vulnerability_id": "VCID-wbxk-gdmk-yudc", "summary": "Multiple vulnerabilities have been discovered in AtomicParsley, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5695", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.5684", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56935", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56956", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56932", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56983", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56986", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56994", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00343", "scoring_system": "epss", "scoring_elements": "0.56974", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-37231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372", "reference_id": "993372", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993372" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375", "reference_id": "993375", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993375" }, { "reference_url": "https://security.archlinux.org/AVG-2253", "reference_id": "AVG-2253", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2253" }, { "reference_url": "https://security.gentoo.org/glsa/202305-01", "reference_id": "GLSA-202305-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373577?format=api", "purl": "pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1" } ], "aliases": [ "CVE-2021-37231" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbxk-gdmk-yudc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/atomicparsley@20210715.151551.e7ad03a-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374322?format=api", "purl": "pkg:alpm/archlinux/aubio@0.4.8-1", "type": "alpm", "namespace": "archlinux", "name": "aubio", "version": "0.4.8-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.4.9-1", "latest_non_vulnerable_version": "0.4.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5892?format=api", "vulnerability_id": "VCID-7kh4-36ar-vqdc", "summary": "aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77813", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77754", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77761", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77788", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77798", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77803", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.7783", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77814", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802" }, { "reference_url": "https://github.com/advisories/GHSA-c6jq-h4jp-72pr", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6jq-h4jp-72pr" }, { "reference_url": "https://github.com/aubio/aubio", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-164.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186", "reference_id": "930186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186" }, { "reference_url": "https://security.archlinux.org/ASA-201902-8", "reference_id": "ASA-201902-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-8" }, { "reference_url": "https://security.archlinux.org/AVG-888", "reference_id": "AVG-888", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19802", "reference_id": "CVE-2018-19802", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374323?format=api", "purl": "pkg:alpm/archlinux/aubio@0.4.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1" } ], "aliases": [ "CVE-2018-19802", "GHSA-c6jq-h4jp-72pr", "PYSEC-2019-164" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh4-36ar-vqdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5891?format=api", "vulnerability_id": "VCID-bgwj-p1y1-mycb", "summary": "aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73328", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73374", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73381", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73323", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73365", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73332", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73356", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800" }, { "reference_url": "https://github.com/advisories/GHSA-grmf-4fq6-2r79", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grmf-4fq6-2r79" }, { "reference_url": "https://github.com/aubio/aubio", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://github.com/aubio/aubio/commit/b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/commit/b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-162.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-162.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186", "reference_id": "930186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186" }, { "reference_url": "https://security.archlinux.org/ASA-201902-8", "reference_id": "ASA-201902-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-8" }, { "reference_url": "https://security.archlinux.org/AVG-888", "reference_id": "AVG-888", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19800", "reference_id": "CVE-2018-19800", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19800" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374323?format=api", "purl": "pkg:alpm/archlinux/aubio@0.4.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1" } ], "aliases": [ "CVE-2018-19800", "GHSA-grmf-4fq6-2r79", "PYSEC-2019-162" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgwj-p1y1-mycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5893?format=api", "vulnerability_id": "VCID-k5dk-dngq-3ycy", "summary": "aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69365", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69386", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69358", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69453", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69438", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69424", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69415", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801" }, { "reference_url": "https://github.com/advisories/GHSA-7vvr-h4p5-m7fh", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7vvr-h4p5-m7fh" }, { "reference_url": "https://github.com/aubio/aubio", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19801" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186", "reference_id": "930186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186" }, { "reference_url": "https://security.archlinux.org/ASA-201902-8", "reference_id": "ASA-201902-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-8" }, { "reference_url": "https://security.archlinux.org/AVG-888", "reference_id": "AVG-888", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-888" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374323?format=api", "purl": "pkg:alpm/archlinux/aubio@0.4.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1" } ], "aliases": [ "CVE-2018-19801", "GHSA-7vvr-h4p5-m7fh", "PYSEC-2019-163" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5dk-dngq-3ycy" } ], "fixing_vulnerabilities": [], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.8-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374323?format=api", "purl": "pkg:alpm/archlinux/aubio@0.4.9-1", "type": "alpm", "namespace": "archlinux", "name": "aubio", "version": "0.4.9-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5892?format=api", "vulnerability_id": "VCID-7kh4-36ar-vqdc", "summary": "aubio v0.4.0 to v0.4.8 has a new_aubio_onset NULL pointer dereference.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00003.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00012.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19802", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77813", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77754", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77761", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77788", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77771", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77798", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77803", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.7783", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77814", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19802" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19802" }, { "reference_url": "https://github.com/advisories/GHSA-c6jq-h4jp-72pr", "reference_id": "", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-c6jq-h4jp-72pr" }, { "reference_url": "https://github.com/aubio/aubio", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/commit/c5ee1307bdc004e43302abeca1802c2692b33a8e" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-164.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-164.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186", "reference_id": "930186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186" }, { "reference_url": "https://security.archlinux.org/ASA-201902-8", "reference_id": "ASA-201902-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-8" }, { "reference_url": "https://security.archlinux.org/AVG-888", "reference_id": "AVG-888", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19802", "reference_id": "CVE-2018-19802", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19802" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374323?format=api", "purl": "pkg:alpm/archlinux/aubio@0.4.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1" } ], "aliases": [ "CVE-2018-19802", "GHSA-c6jq-h4jp-72pr", "PYSEC-2019-164" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh4-36ar-vqdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5891?format=api", "vulnerability_id": "VCID-bgwj-p1y1-mycb", "summary": "aubio v0.4.0 to v0.4.8 has a Buffer Overflow in new_aubio_tempo.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19800", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73328", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73374", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73381", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73401", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73323", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73365", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73332", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00763", "scoring_system": "epss", "scoring_elements": "0.73356", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19800" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19800" }, { "reference_url": "https://github.com/advisories/GHSA-grmf-4fq6-2r79", "reference_id": "", "reference_type": "", "scores": [ { "value": "CRITICAL", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-grmf-4fq6-2r79" }, { "reference_url": "https://github.com/aubio/aubio", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://github.com/aubio/aubio/commit/b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/commit/b1559f4c9ce2b304d8d27ffdc7128b6795ca82e5" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-162.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-162.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186", "reference_id": "930186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186" }, { "reference_url": "https://security.archlinux.org/ASA-201902-8", "reference_id": "ASA-201902-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-8" }, { "reference_url": "https://security.archlinux.org/AVG-888", "reference_id": "AVG-888", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-888" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19800", "reference_id": "CVE-2018-19800", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "9.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19800" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374323?format=api", "purl": "pkg:alpm/archlinux/aubio@0.4.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1" } ], "aliases": [ "CVE-2018-19800", "GHSA-grmf-4fq6-2r79", "PYSEC-2019-162" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bgwj-p1y1-mycb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5893?format=api", "vulnerability_id": "VCID-k5dk-dngq-3ycy", "summary": "aubio v0.4.0 to v0.4.8 has a NULL pointer dereference in new_aubio_filterbank via invalid n_filters.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00063.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00067.html" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19801", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69365", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69386", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69369", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69358", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69453", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69438", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69424", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00599", "scoring_system": "epss", "scoring_elements": "0.69415", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-19801" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19801" }, { "reference_url": "https://github.com/advisories/GHSA-7vvr-h4p5-m7fh", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7vvr-h4p5-m7fh" }, { "reference_url": "https://github.com/aubio/aubio", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio" }, { "reference_url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/aubio/aubio/blob/0.4.9/ChangeLog" }, { "reference_url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/pypa/advisory-database/tree/main/vulns/aubio/PYSEC-2019-163.yaml" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IYIKPYXZIWYWWNNORSKWRCFFCP6AFMRZ/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OHIRMWW4JQ6UHJK4AVBJLFRLE2TPKC2W/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19801", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "8.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-19801" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186", "reference_id": "930186", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930186" }, { "reference_url": "https://security.archlinux.org/ASA-201902-8", "reference_id": "ASA-201902-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-8" }, { "reference_url": "https://security.archlinux.org/AVG-888", "reference_id": "AVG-888", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-888" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374323?format=api", "purl": "pkg:alpm/archlinux/aubio@0.4.9-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1" } ], "aliases": [ "CVE-2018-19801", "GHSA-7vvr-h4p5-m7fh", "PYSEC-2019-163" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5dk-dngq-3ycy" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/aubio@0.4.9-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371003?format=api", "purl": "pkg:alpm/archlinux/audacity@1:2.4.1-4", "type": "alpm", "namespace": "archlinux", "name": "audacity", "version": "1:2.4.1-4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94339?format=api", "vulnerability_id": "VCID-veb9-7659-wfg7", "summary": "Audacity through 2.3.3 saves temporary files to /var/tmp/audacity-$USER by default. After Audacity creates the temporary directory, it sets its permissions to 755. Any user on the system can read and play the temporary audio .au files located there.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11867", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30745", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30749", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30876", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30923", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30743", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30801", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30833", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.30835", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00118", "scoring_system": "epss", "scoring_elements": "0.3079", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11867" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11867" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976874", "reference_id": "976874", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=976874" }, { "reference_url": "https://security.archlinux.org/AVG-1311", "reference_id": "AVG-1311", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1311" }, { "reference_url": "https://usn.ubuntu.com/7211-1/", "reference_id": "USN-7211-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7211-1/" } ], "fixed_packages": [], "aliases": [ "CVE-2020-11867" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-veb9-7659-wfg7" } ], "fixing_vulnerabilities": [], "risk_score": "1.4", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audacity@1:2.4.1-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/373055?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-3", "type": "alpm", "namespace": "archlinux", "name": "audiofile", "version": "0.3.6-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.3.6-4", "latest_non_vulnerable_version": "0.3.6-4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84556?format=api", "vulnerability_id": "VCID-2fxt-mcp5-vkdz", "summary": "audiofile: Index out of bounds for type int16_t", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6837.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90718", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90746", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90757", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90763", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90771", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90724", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90735", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6837" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/41", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/41" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/9" }, { "reference_url": "http://www.securityfocus.com/bid/97314", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97314" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432942", "reference_id": "1432942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432942" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6837", "reference_id": "CVE-2017-6837", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6837" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6837" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fxt-mcp5-vkdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84547?format=api", "vulnerability_id": "VCID-411s-5r62-zubr", "summary": "audiofile: Heap-based buffer overflow in readValue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17241", "scoring_system": "epss", "scoring_elements": "0.95028", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.9571", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95719", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.9573", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95742", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95746", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432925", "reference_id": "1432925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432925" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6828" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-411s-5r62-zubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84550?format=api", "vulnerability_id": "VCID-5ckf-qbbb-57f7", "summary": "audiofile: Heap-based buffer overflow in IMA::decodeBlockWAVE", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02789", "scoring_system": "epss", "scoring_elements": "0.86083", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.891", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89149", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.8916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89156", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89109", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89144", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6831" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6" }, { "reference_url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/35", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/35" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/3" }, { "reference_url": "http://www.securityfocus.com/bid/97588", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97588" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432930", "reference_id": "1432930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432930" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6831", "reference_id": "CVE-2017-6831", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6831" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6831" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ckf-qbbb-57f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84549?format=api", "vulnerability_id": "VCID-87tp-awyv-4yad", "summary": "audiofile: Heap-based buffer overflow in alaw2linear_buf", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04897", "scoring_system": "epss", "scoring_elements": "0.89594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91337", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91384", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91387", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91341", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91351", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91359", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91371", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6830" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/34", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/34" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432929", "reference_id": "1432929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432929" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6830", "reference_id": "CVE-2017-6830", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6830" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6830" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87tp-awyv-4yad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84554?format=api", "vulnerability_id": "VCID-913x-rwya-xbgt", "summary": "audiofile: Heap-based buffer overflow in Expand3To4Module::run", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6836.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89652", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89694", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89702", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89701", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89655", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.8967", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89689", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6836" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/40", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/40" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432937", "reference_id": "1432937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432937" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6836", "reference_id": "CVE-2017-6836", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6836" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6836" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-913x-rwya-xbgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84557?format=api", "vulnerability_id": "VCID-aeat-dx5y-dfgr", "summary": "audiofile: Signed integer overflow in sfconvert.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6838.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90439", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.9048", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90461", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90479", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90455", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6838" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/41", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/41" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432943", "reference_id": "1432943", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432943" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6838", "reference_id": "CVE-2017-6838", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6838" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6838" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aeat-dx5y-dfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84552?format=api", "vulnerability_id": "VCID-gg9m-4dyw-3ub1", "summary": "audiofile: Divide-by-zero in BlockCodec::runPull", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90439", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.9048", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90479", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90455", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90461", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6833" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/37", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/37" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432933", "reference_id": "1432933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432933" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6833", "reference_id": "CVE-2017-6833", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6833" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6833" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gg9m-4dyw-3ub1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84555?format=api", "vulnerability_id": "VCID-j162-684h-wqak", "summary": "audiofile: Divide-by-zero in BlockCodec::reset1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6835.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89011", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89067", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89019", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89054", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6835" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/39", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/39" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432939", "reference_id": "1432939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432939" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6835", "reference_id": "CVE-2017-6835", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6835" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6835" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j162-684h-wqak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84546?format=api", "vulnerability_id": "VCID-nmab-8ky6-nyb4", "summary": "audiofile: Heap-based buffer overflow in MSADPCM::initializeCoefficients", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.9692", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96928", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96944", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96946", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96949", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.9695", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96951", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432924", "reference_id": "1432924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432924" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6827" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmab-8ky6-nyb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84558?format=api", "vulnerability_id": "VCID-qw16-rfw7-2qdk", "summary": "audiofile: Signed integer overflow in MSADPCM.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89011", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89054", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89067", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89019", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.9048", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6839" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/41", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/41" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432944", "reference_id": "1432944", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432944" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6839", "reference_id": "CVE-2017-6839", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6839" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6839" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qw16-rfw7-2qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84553?format=api", "vulnerability_id": "VCID-sekd-w6gm-67dv", "summary": "audiofile: Heap-based buffer overflow in ulaw2linear_buf", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6834.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6834.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04313", "scoring_system": "epss", "scoring_elements": "0.88897", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91337", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91384", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91387", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91341", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91351", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91359", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6834" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/38" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432935", "reference_id": "1432935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432935" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6834", "reference_id": "CVE-2017-6834", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6834" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6834" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sekd-w6gm-67dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84548?format=api", "vulnerability_id": "VCID-sfj3-8vbt-bkfp", "summary": "audiofile: Global buffer overflow in decodeSample", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6829.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89166", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89212", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89222", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89218", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89173", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89187", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89189", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89208", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6829" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/33", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/33" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/1" }, { "reference_url": "http://www.securityfocus.com/bid/97189", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432928", "reference_id": "1432928", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432928" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6829", "reference_id": "CVE-2017-6829", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6829" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6829" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfj3-8vbt-bkfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84551?format=api", "vulnerability_id": "VCID-ur9b-fgja-r7he", "summary": "audiofile: Heap-based buffer overflow in MSADPCM::decodeBlock", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6832.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6832.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.891", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89149", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.8916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89156", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89109", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89144", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6832" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/36" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/4" }, { "reference_url": "http://www.securityfocus.com/bid/97589", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97589" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432932", "reference_id": "1432932", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432932" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6832", "reference_id": "CVE-2017-6832", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6832" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6832" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9b-fgja-r7he" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "type": "alpm", "namespace": "archlinux", "name": "audiofile", "version": "0.3.6-4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84556?format=api", "vulnerability_id": "VCID-2fxt-mcp5-vkdz", "summary": "audiofile: Index out of bounds for type int16_t", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6837.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6837.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90718", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90768", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90746", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90757", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90763", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90771", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90724", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06086", "scoring_system": "epss", "scoring_elements": "0.90735", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6837" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/c48e4c6503f7dabd41f11d4c9c7b7f8960e7f2c0" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/41", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/41" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/9" }, { "reference_url": "http://www.securityfocus.com/bid/97314", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97314" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432942", "reference_id": "1432942", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432942" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6837", "reference_id": "CVE-2017-6837", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6837" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6837" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2fxt-mcp5-vkdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84547?format=api", "vulnerability_id": "VCID-411s-5r62-zubr", "summary": "audiofile: Heap-based buffer overflow in readValue", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6828.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6828.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.17241", "scoring_system": "epss", "scoring_elements": "0.95028", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.9571", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95719", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95727", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.9573", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95739", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95742", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.21753", "scoring_system": "epss", "scoring_elements": "0.95746", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432925", "reference_id": "1432925", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432925" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6828" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-411s-5r62-zubr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84550?format=api", "vulnerability_id": "VCID-5ckf-qbbb-57f7", "summary": "audiofile: Heap-based buffer overflow in IMA::decodeBlockWAVE", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6831.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6831.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02789", "scoring_system": "epss", "scoring_elements": "0.86083", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.891", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89149", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.8916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89156", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89109", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89144", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6831" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-imadecodeblockwave-ima-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/a2e9eab8ea87c4ffc494d839ebb4ea145eb9f2e6" }, { "reference_url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/Hack-Me/Pocs_for_Multi_Versions/tree/main/CVE-2017-6831" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/35", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/35" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/3" }, { "reference_url": "http://www.securityfocus.com/bid/97588", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97588" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432930", "reference_id": "1432930", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432930" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6831", "reference_id": "CVE-2017-6831", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6831" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6831" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ckf-qbbb-57f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84549?format=api", "vulnerability_id": "VCID-87tp-awyv-4yad", "summary": "audiofile: Heap-based buffer overflow in alaw2linear_buf", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6830.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6830.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04897", "scoring_system": "epss", "scoring_elements": "0.89594", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91337", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91384", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91387", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91341", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91351", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91359", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91371", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6830" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-alaw2linear_buf-g711-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/34", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/34" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/2" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432929", "reference_id": "1432929", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432929" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6830", "reference_id": "CVE-2017-6830", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6830" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6830" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-87tp-awyv-4yad" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84554?format=api", "vulnerability_id": "VCID-913x-rwya-xbgt", "summary": "audiofile: Heap-based buffer overflow in Expand3To4Module::run", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6836.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6836.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89652", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89694", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89695", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89702", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89701", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89655", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.8967", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89672", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04984", "scoring_system": "epss", "scoring_elements": "0.89689", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6836" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-expand3to4modulerun-simplemodule-h/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/40", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/40" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/8" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432937", "reference_id": "1432937", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432937" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6836", "reference_id": "CVE-2017-6836", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6836" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6836" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-913x-rwya-xbgt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84557?format=api", "vulnerability_id": "VCID-aeat-dx5y-dfgr", "summary": "audiofile: Signed integer overflow in sfconvert.c", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6838.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6838.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90439", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.9048", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90461", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90479", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90455", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6838" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/7d65f89defb092b63bcbc5d98349fb222ca73b3c" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/41", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/41" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432943", "reference_id": "1432943", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432943" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6838", "reference_id": "CVE-2017-6838", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6838" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6838" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aeat-dx5y-dfgr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84552?format=api", "vulnerability_id": "VCID-gg9m-4dyw-3ub1", "summary": "audiofile: Divide-by-zero in BlockCodec::runPull", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6833.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6833.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90439", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.9048", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90473", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90479", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90486", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90443", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90455", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.90461", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6833" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecrunpull-blockcodec-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/37", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/37" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/5", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/5" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432933", "reference_id": "1432933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432933" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6833", "reference_id": "CVE-2017-6833", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6833" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6833" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gg9m-4dyw-3ub1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84555?format=api", "vulnerability_id": "VCID-j162-684h-wqak", "summary": "audiofile: Divide-by-zero in BlockCodec::reset1", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6835.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6835.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89011", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89065", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89067", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89019", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89054", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6835" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-divide-by-zero-in-blockcodecreset1-blockcodec-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/39", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/39" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/7", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/7" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432939", "reference_id": "1432939", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432939" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6835", "reference_id": "CVE-2017-6835", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6835" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6835" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j162-684h-wqak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84546?format=api", "vulnerability_id": "VCID-nmab-8ky6-nyb4", "summary": "audiofile: Heap-based buffer overflow in MSADPCM::initializeCoefficients", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6827.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6827.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.9692", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96928", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96932", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96936", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96944", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96946", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96949", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.9695", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33778", "scoring_system": "epss", "scoring_elements": "0.96951", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432924", "reference_id": "1432924", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432924" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6827" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nmab-8ky6-nyb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84558?format=api", "vulnerability_id": "VCID-qw16-rfw7-2qdk", "summary": "audiofile: Signed integer overflow in MSADPCM.cpp", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89011", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89035", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89037", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89054", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89059", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89071", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89067", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04451", "scoring_system": "epss", "scoring_elements": "0.89019", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05773", "scoring_system": "epss", "scoring_elements": "0.9048", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6839" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-multiple-ubsan-crashes/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/beacc44eb8cdf6d58717ec1a5103c5141f1b37f9" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/41", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/41" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/9", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/9" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432944", "reference_id": "1432944", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432944" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6839", "reference_id": "CVE-2017-6839", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6839" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6839" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qw16-rfw7-2qdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84553?format=api", "vulnerability_id": "VCID-sekd-w6gm-67dv", "summary": "audiofile: Heap-based buffer overflow in ulaw2linear_buf", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6834.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6834.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04313", "scoring_system": "epss", "scoring_elements": "0.88897", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91337", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91371", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91378", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91384", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91387", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91341", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91351", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06895", "scoring_system": "epss", "scoring_elements": "0.91359", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6834" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-ulaw2linear_buf-g711-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/38", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/38" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/6", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/6" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432935", "reference_id": "1432935", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432935" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.2.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6834", "reference_id": "CVE-2017-6834", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6834" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6834" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sekd-w6gm-67dv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84548?format=api", "vulnerability_id": "VCID-sfj3-8vbt-bkfp", "summary": "audiofile: Global buffer overflow in decodeSample", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6829.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89166", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89216", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89212", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89222", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89218", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89173", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89187", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89189", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04576", "scoring_system": "epss", "scoring_elements": "0.89208", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6829" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-global-buffer-overflow-in-decodesample-ima-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/antlarr/audiofile/commit/25eb00ce913452c2e614548d7df93070bf0d066f" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/33", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/33" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/1" }, { "reference_url": "http://www.securityfocus.com/bid/97189", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97189" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432928", "reference_id": "1432928", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432928" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6829", "reference_id": "CVE-2017-6829", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6829" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6829" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sfj3-8vbt-bkfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/84551?format=api", "vulnerability_id": "VCID-ur9b-fgja-r7he", "summary": "audiofile: Heap-based buffer overflow in MSADPCM::decodeBlock", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6832.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6832.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.891", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89153", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89149", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.8916", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89156", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89109", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89123", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89126", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04517", "scoring_system": "epss", "scoring_elements": "0.89144", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-6832" }, { "reference_url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://blogs.gentoo.org/ago/2017/02/20/audiofile-heap-based-buffer-overflow-in-msadpcmdecodeblock-msadpcm-cpp/" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6827" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6828" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6830" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6831" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6832" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6833" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6834" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6835" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6836" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6837" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6838" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6839" }, { "reference_url": "https://github.com/mpruett/audiofile/issues/36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/issues/36" }, { "reference_url": "https://github.com/mpruett/audiofile/pull/42", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpruett/audiofile/pull/42" }, { "reference_url": "http://www.debian.org/security/2017/dsa-3814", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2017/dsa-3814" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2017/03/13/4", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2017/03/13/4" }, { "reference_url": "http://www.securityfocus.com/bid/97589", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97589" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432932", "reference_id": "1432932", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1432932" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651", "reference_id": "857651", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=857651" }, { "reference_url": "https://security.archlinux.org/ASA-201708-9", "reference_id": "ASA-201708-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201708-9" }, { "reference_url": "https://security.archlinux.org/AVG-205", "reference_id": "AVG-205", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-205" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:audiofile:audiofile:0.3.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6832", "reference_id": "CVE-2017-6832", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6832" }, { "reference_url": "https://usn.ubuntu.com/3241-1/", "reference_id": "USN-3241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3241-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373056?format=api", "purl": "pkg:alpm/archlinux/audiofile@0.3.6-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" } ], "aliases": [ "CVE-2017-6832" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ur9b-fgja-r7he" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/audiofile@0.3.6-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/374765?format=api", "purl": "pkg:alpm/archlinux/avahi@0.8%2B20%2Bgd1e71b3-1", "type": "alpm", "namespace": "archlinux", "name": "avahi", "version": "0.8+20+gd1e71b3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.8+22+gfd482a7-1", "latest_non_vulnerable_version": "1:0.8+r127+g55d783d-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80482?format=api", "vulnerability_id": "VCID-hjrp-3yew-wqeg", "summary": "avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3502.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09103", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09152", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09166", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09108", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09165", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09196", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3502" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914", "reference_id": "1946914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018", "reference_id": "986018", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018" }, { "reference_url": "https://security.archlinux.org/AVG-2341", "reference_id": "AVG-2341", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6707", "reference_id": "RHSA-2023:6707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6707" }, { "reference_url": "https://usn.ubuntu.com/5008-1/", "reference_id": "USN-5008-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5008-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374766?format=api", "purl": "pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-1" } ], "aliases": [ "CVE-2021-3502" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrp-3yew-wqeg" } ], "fixing_vulnerabilities": [], "risk_score": "2.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B20%252Bgd1e71b3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374766?format=api", "purl": "pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-1", "type": "alpm", "namespace": "archlinux", "name": "avahi", "version": "0.8+22+gfd482a7-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "1:0.8+r127+g55d783d-1", "latest_non_vulnerable_version": "1:0.8+r127+g55d783d-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80482?format=api", "vulnerability_id": "VCID-hjrp-3yew-wqeg", "summary": "avahi: reachable assertion in avahi_s_host_name_resolver_start when trying to resolve badly-formatted hostnames", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3502.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3502.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3502", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09103", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09152", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09198", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09166", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09108", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09085", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09165", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00032", "scoring_system": "epss", "scoring_elements": "0.09196", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3502" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3502" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914", "reference_id": "1946914", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1946914" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018", "reference_id": "986018", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986018" }, { "reference_url": "https://security.archlinux.org/AVG-2341", "reference_id": "AVG-2341", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2341" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6707", "reference_id": "RHSA-2023:6707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6707" }, { "reference_url": "https://usn.ubuntu.com/5008-1/", "reference_id": "USN-5008-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5008-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374766?format=api", "purl": "pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-1" } ], "aliases": [ "CVE-2021-3502" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hjrp-3yew-wqeg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374690?format=api", "purl": "pkg:alpm/archlinux/avahi@0.8%2B22%2Bgfd482a7-3", "type": "alpm", "namespace": "archlinux", "name": "avahi", "version": "0.8+22+gfd482a7-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1:0.8+r127+g55d783d-1", "latest_non_vulnerable_version": "1:0.8+r127+g55d783d-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80528?format=api", "vulnerability_id": "VCID-rpzc-ryw1-p7e5", "summary": "avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3468.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08621", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08682", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08695", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08647", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08697", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08617", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939614", "reference_id": "1939614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939614" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938", "reference_id": "984938", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938" }, { "reference_url": "https://security.archlinux.org/AVG-1742", "reference_id": "AVG-1742", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6707", "reference_id": "RHSA-2023:6707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7836", "reference_id": "RHSA-2023:7836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0418", "reference_id": "RHSA-2024:0418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0576", "reference_id": "RHSA-2024:0576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0576" }, { "reference_url": "https://usn.ubuntu.com/5008-1/", "reference_id": "USN-5008-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5008-1/" }, { "reference_url": "https://usn.ubuntu.com/5008-2/", "reference_id": "USN-5008-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5008-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374691?format=api", "purl": "pkg:alpm/archlinux/avahi@1:0.8%2Br127%2Bg55d783d-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@1:0.8%252Br127%252Bg55d783d-1" } ], "aliases": [ "CVE-2021-3468" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpzc-ryw1-p7e5" } ], "fixing_vulnerabilities": [], "risk_score": "2.8", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@0.8%252B22%252Bgfd482a7-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/374691?format=api", "purl": "pkg:alpm/archlinux/avahi@1:0.8%2Br127%2Bg55d783d-1", "type": "alpm", "namespace": "archlinux", "name": "avahi", "version": "1:0.8+r127+g55d783d-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80528?format=api", "vulnerability_id": "VCID-rpzc-ryw1-p7e5", "summary": "avahi: Local DoS by event-busy-loop from writing long lines to /run/avahi-daemon/socket", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3468.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3468.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3468", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08621", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08682", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08695", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08719", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08647", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08697", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08617", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3468" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3468" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939614", "reference_id": "1939614", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1939614" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938", "reference_id": "984938", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=984938" }, { "reference_url": "https://security.archlinux.org/AVG-1742", "reference_id": "AVG-1742", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1742" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6707", "reference_id": "RHSA-2023:6707", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6707" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7836", "reference_id": "RHSA-2023:7836", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7836" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0418", "reference_id": "RHSA-2024:0418", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0418" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0576", "reference_id": "RHSA-2024:0576", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0576" }, { "reference_url": "https://usn.ubuntu.com/5008-1/", "reference_id": "USN-5008-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5008-1/" }, { "reference_url": "https://usn.ubuntu.com/5008-2/", "reference_id": "USN-5008-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5008-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374691?format=api", "purl": "pkg:alpm/archlinux/avahi@1:0.8%2Br127%2Bg55d783d-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@1:0.8%252Br127%252Bg55d783d-1" } ], "aliases": [ "CVE-2021-3468" ], "risk_score": 2.8, "exploitability": "0.5", "weighted_severity": "5.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rpzc-ryw1-p7e5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/avahi@1:0.8%252Br127%252Bg55d783d-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372155?format=api", "purl": "pkg:alpm/archlinux/awstats@7.8-2", "type": "alpm", "namespace": "archlinux", "name": "awstats", "version": "7.8-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "7.8-3", "latest_non_vulnerable_version": "7.8-3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94571?format=api", "vulnerability_id": "VCID-fxrv-1bju-qkgm", "summary": "In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76192", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76131", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76135", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.7618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76194", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76218", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190", "reference_id": "977190", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190" }, { "reference_url": "https://security.archlinux.org/ASA-202103-15", "reference_id": "ASA-202103-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-15" }, { "reference_url": "https://security.archlinux.org/AVG-1356", "reference_id": "AVG-1356", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1356" }, { "reference_url": "https://usn.ubuntu.com/4953-1/", "reference_id": "USN-4953-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4953-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372156?format=api", "purl": "pkg:alpm/archlinux/awstats@7.8-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-3" } ], "aliases": [ "CVE-2020-35176" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/372156?format=api", "purl": "pkg:alpm/archlinux/awstats@7.8-3", "type": "alpm", "namespace": "archlinux", "name": "awstats", "version": "7.8-3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94571?format=api", "vulnerability_id": "VCID-fxrv-1bju-qkgm", "summary": "In AWStats through 7.8, cgi-bin/awstats.pl?config= accepts a partial absolute pathname (omitting the initial /etc), even though it was intended to only read a file in the /etc/awstats/awstats.conf format. NOTE: this issue exists because of an incomplete fix for CVE-2017-1000501 and CVE-2020-29600.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35176", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76192", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76131", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76135", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76167", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76148", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.7618", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76194", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00937", "scoring_system": "epss", "scoring_elements": "0.76218", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-35176" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35176" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190", "reference_id": "977190", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977190" }, { "reference_url": "https://security.archlinux.org/ASA-202103-15", "reference_id": "ASA-202103-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202103-15" }, { "reference_url": "https://security.archlinux.org/AVG-1356", "reference_id": "AVG-1356", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1356" }, { "reference_url": "https://usn.ubuntu.com/4953-1/", "reference_id": "USN-4953-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4953-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372156?format=api", "purl": "pkg:alpm/archlinux/awstats@7.8-3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-3" } ], "aliases": [ "CVE-2020-35176" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fxrv-1bju-qkgm" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/awstats@7.8-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/371374?format=api", "purl": "pkg:alpm/archlinux/bash@4.3.026-1", "type": "alpm", "namespace": "archlinux", "name": "bash", "version": "4.3.026-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "4.3.027-1", "latest_non_vulnerable_version": "4.3.027-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39490?format=api", "vulnerability_id": "VCID-sqj7-9htv-nbfn", "summary": "Multiple parsing flaws in Bash could allow remote attackers to\n inject code or cause a Denial of Service condition.", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126" }, { "reference_url": "http://jvn.jp/en/jp/JVN55667175/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvn.jp/en/jp/JVN55667175/index.html" }, { "reference_url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html" }, { "reference_url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html" }, { "reference_url": "http://linux.oracle.com/errata/ELSA-2014-3093", "reference_id": "", "reference_type": "", "scores": [], "url": "http://linux.oracle.com/errata/ELSA-2014-3093" }, { "reference_url": "http://linux.oracle.com/errata/ELSA-2014-3094", "reference_id": "", "reference_type": "", "scores": [], "url": "http://linux.oracle.com/errata/ELSA-2014-3094" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141330468527613&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141330468527613&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141345648114150&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141345648114150&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383026420882&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383026420882&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383081521087&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383081521087&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383196021590&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383196021590&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383244821813&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383244821813&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383304022067&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383304022067&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383353622268&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383353622268&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383465822787&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383465822787&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141450491804793&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141450491804793&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141576728022234&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141576728022234&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141577137423233&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141577137423233&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141577241923505&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141577241923505&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141577297623641&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141577297623641&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141585637922673&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141585637922673&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142289270617409&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142289270617409&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142358078406056&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142358078406056&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2" }, { "reference_url": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86544", "scoring_system": "epss", "scoring_elements": "0.99416", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99471", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99474", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99475", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.9947", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99468", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99473", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277" }, { "reference_url": "http://secunia.com/advisories/58200", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/58200" }, { "reference_url": "http://secunia.com/advisories/59907", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59907" }, { "reference_url": "http://secunia.com/advisories/59961", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59961" }, { "reference_url": "http://secunia.com/advisories/60024", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60024" }, { "reference_url": "http://secunia.com/advisories/60034", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60034" }, { "reference_url": "http://secunia.com/advisories/60044", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60044" }, { "reference_url": "http://secunia.com/advisories/60055", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60055" }, { "reference_url": "http://secunia.com/advisories/60063", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60063" }, { "reference_url": "http://secunia.com/advisories/60193", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60193" }, { "reference_url": "http://secunia.com/advisories/60325", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60325" }, { "reference_url": "http://secunia.com/advisories/60433", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60433" }, { "reference_url": "http://secunia.com/advisories/61065", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61065" }, { "reference_url": "http://secunia.com/advisories/61128", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61128" }, { "reference_url": "http://secunia.com/advisories/61129", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61129" }, { "reference_url": "http://secunia.com/advisories/61283", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61283" }, { "reference_url": "http://secunia.com/advisories/61287", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61287" }, { "reference_url": "http://secunia.com/advisories/61291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61291" }, { "reference_url": "http://secunia.com/advisories/61312", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61312" }, { "reference_url": "http://secunia.com/advisories/61313", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61313" }, { "reference_url": "http://secunia.com/advisories/61328", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61328" }, { "reference_url": "http://secunia.com/advisories/61442", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61442" }, { "reference_url": "http://secunia.com/advisories/61471", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61471" }, { "reference_url": "http://secunia.com/advisories/61485", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61485" }, { "reference_url": "http://secunia.com/advisories/61503", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61503" }, { "reference_url": "http://secunia.com/advisories/61550", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61550" }, { "reference_url": "http://secunia.com/advisories/61552", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61552" }, { "reference_url": "http://secunia.com/advisories/61565", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61565" }, { "reference_url": "http://secunia.com/advisories/61603", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61603" }, { "reference_url": "http://secunia.com/advisories/61633", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61633" }, { "reference_url": "http://secunia.com/advisories/61641", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61641" }, { "reference_url": "http://secunia.com/advisories/61643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61643" }, { "reference_url": "http://secunia.com/advisories/61654", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61654" }, { "reference_url": "http://secunia.com/advisories/61703", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61703" }, { "reference_url": "http://secunia.com/advisories/61780", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61780" }, { "reference_url": "http://secunia.com/advisories/61816", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61816" }, { "reference_url": "http://secunia.com/advisories/61857", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61857" }, { "reference_url": "http://secunia.com/advisories/62312", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/62312" }, { "reference_url": "http://secunia.com/advisories/62343", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/62343" }, { "reference_url": "https://kb.bluecoat.com/index?page=content&id=SA82", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.bluecoat.com/index?page=content&id=SA82" }, { "reference_url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085" }, { "reference_url": "https://support.apple.com/HT205267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT205267" }, { "reference_url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", "reference_id": "", "reference_type": "", "scores": [], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts" }, { "reference_url": "https://support.citrix.com/article/CTX200217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.citrix.com/article/CTX200217" }, { "reference_url": "https://support.citrix.com/article/CTX200223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.citrix.com/article/CTX200223" }, { "reference_url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183" }, { "reference_url": "http://support.apple.com/HT204244", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/HT204244" }, { "reference_url": "http://support.novell.com/security/cve/CVE-2014-6277.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.novell.com/security/cve/CVE-2014-6277.html" }, { "reference_url": "https://www.suse.com/support/shellshock/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.suse.com/support/shellshock/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079" }, { "reference_url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164" }, { "reference_url": "http://www.novell.com/support/kb/doc.php?id=7015721", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.novell.com/support/kb/doc.php?id=7015721" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html" }, { "reference_url": "http://www.qnap.com/i/en/support/con_show.php?cid=61", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.qnap.com/i/en/support/con_show.php?cid=61" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2380-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2380-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147189", "reference_id": "1147189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147189" }, { "reference_url": "https://security.archlinux.org/AVG-924", "reference_id": "AVG-924", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-924" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35081.txt", "reference_id": "CVE-2014-6277", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35081.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6277", "reference_id": "CVE-2014-6277", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6277" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36933.py", "reference_id": "CVE-2014-7187;CVE-2014-7186;CVE-2014-7169;CVE-2014-6278;CVE-2014-6277", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36933.py" }, { "reference_url": "https://security.gentoo.org/glsa/201410-01", "reference_id": "GLSA-201410-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201410-01" }, { "reference_url": "https://usn.ubuntu.com/2380-1/", "reference_id": "USN-2380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371375?format=api", "purl": "pkg:alpm/archlinux/bash@4.3.027-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.027-1" } ], "aliases": [ "CVE-2014-6277" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqj7-9htv-nbfn" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.026-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/371375?format=api", "purl": "pkg:alpm/archlinux/bash@4.3.027-1", "type": "alpm", "namespace": "archlinux", "name": "bash", "version": "4.3.027-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39490?format=api", "vulnerability_id": "VCID-sqj7-9htv-nbfn", "summary": "Multiple parsing flaws in Bash could allow remote attackers to\n inject code or cause a Denial of Service condition.", "references": [ { "reference_url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2014-000126" }, { "reference_url": "http://jvn.jp/en/jp/JVN55667175/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvn.jp/en/jp/JVN55667175/index.html" }, { "reference_url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lcamtuf.blogspot.com/2014/09/bash-bug-apply-unofficial-patch-now.html" }, { "reference_url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lcamtuf.blogspot.com/2014/10/bash-bug-how-we-finally-cracked.html" }, { "reference_url": "http://linux.oracle.com/errata/ELSA-2014-3093", "reference_id": "", "reference_type": "", "scores": [], "url": "http://linux.oracle.com/errata/ELSA-2014-3093" }, { "reference_url": "http://linux.oracle.com/errata/ELSA-2014-3094", "reference_id": "", "reference_type": "", "scores": [], "url": "http://linux.oracle.com/errata/ELSA-2014-3094" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2015/Jan/msg00003.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00004.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2014-10/msg00025.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141330468527613&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141330468527613&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141345648114150&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141345648114150&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383026420882&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383026420882&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383081521087&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383081521087&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383196021590&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383196021590&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383244821813&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383244821813&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383304022067&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383304022067&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383353622268&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383353622268&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141383465822787&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141383465822787&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141450491804793&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141450491804793&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141576728022234&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141576728022234&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141577137423233&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141577137423233&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141577241923505&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141577241923505&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141577297623641&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141577297623641&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141585637922673&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141585637922673&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=141879528318582&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142118135300698&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142289270617409&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142289270617409&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142358026505815&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142358078406056&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142358078406056&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142721162228379&w=2" }, { "reference_url": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://packetstormsecurity.com/files/128567/CA-Technologies-GNU-Bash-Shellshock.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6277.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-6277.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6277", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86544", "scoring_system": "epss", "scoring_elements": "0.99416", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99471", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99474", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99475", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.9947", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99468", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.87816", "scoring_system": "epss", "scoring_elements": "0.99473", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-6277" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-6277" }, { "reference_url": "http://secunia.com/advisories/58200", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/58200" }, { "reference_url": "http://secunia.com/advisories/59907", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59907" }, { "reference_url": "http://secunia.com/advisories/59961", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/59961" }, { "reference_url": "http://secunia.com/advisories/60024", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60024" }, { "reference_url": "http://secunia.com/advisories/60034", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60034" }, { "reference_url": "http://secunia.com/advisories/60044", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60044" }, { "reference_url": "http://secunia.com/advisories/60055", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60055" }, { "reference_url": "http://secunia.com/advisories/60063", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60063" }, { "reference_url": "http://secunia.com/advisories/60193", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60193" }, { "reference_url": "http://secunia.com/advisories/60325", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60325" }, { "reference_url": "http://secunia.com/advisories/60433", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/60433" }, { "reference_url": "http://secunia.com/advisories/61065", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61065" }, { "reference_url": "http://secunia.com/advisories/61128", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61128" }, { "reference_url": "http://secunia.com/advisories/61129", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61129" }, { "reference_url": "http://secunia.com/advisories/61283", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61283" }, { "reference_url": "http://secunia.com/advisories/61287", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61287" }, { "reference_url": "http://secunia.com/advisories/61291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61291" }, { "reference_url": "http://secunia.com/advisories/61312", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61312" }, { "reference_url": "http://secunia.com/advisories/61313", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61313" }, { "reference_url": "http://secunia.com/advisories/61328", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61328" }, { "reference_url": "http://secunia.com/advisories/61442", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61442" }, { "reference_url": "http://secunia.com/advisories/61471", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61471" }, { "reference_url": "http://secunia.com/advisories/61485", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61485" }, { "reference_url": "http://secunia.com/advisories/61503", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61503" }, { "reference_url": "http://secunia.com/advisories/61550", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61550" }, { "reference_url": "http://secunia.com/advisories/61552", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61552" }, { "reference_url": "http://secunia.com/advisories/61565", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61565" }, { "reference_url": "http://secunia.com/advisories/61603", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61603" }, { "reference_url": "http://secunia.com/advisories/61633", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61633" }, { "reference_url": "http://secunia.com/advisories/61641", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61641" }, { "reference_url": "http://secunia.com/advisories/61643", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61643" }, { "reference_url": "http://secunia.com/advisories/61654", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61654" }, { "reference_url": "http://secunia.com/advisories/61703", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61703" }, { "reference_url": "http://secunia.com/advisories/61780", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61780" }, { "reference_url": "http://secunia.com/advisories/61816", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61816" }, { "reference_url": "http://secunia.com/advisories/61857", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/61857" }, { "reference_url": "http://secunia.com/advisories/62312", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/62312" }, { "reference_url": "http://secunia.com/advisories/62343", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/62343" }, { "reference_url": "https://kb.bluecoat.com/index?page=content&id=SA82", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.bluecoat.com/index?page=content&id=SA82" }, { "reference_url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10648" }, { "reference_url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10085" }, { "reference_url": "https://support.apple.com/HT205267", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/HT205267" }, { "reference_url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts", "reference_id": "", "reference_type": "", "scores": [], "url": "https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk102673&src=securityAlerts" }, { "reference_url": "https://support.citrix.com/article/CTX200217", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.citrix.com/article/CTX200217" }, { "reference_url": "https://support.citrix.com/article/CTX200223", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.citrix.com/article/CTX200223" }, { "reference_url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.f5.com/kb/en-us/solutions/public/15000/600/sol15629.html" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04497075" }, { "reference_url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c04518183" }, { "reference_url": "http://support.apple.com/HT204244", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/HT204244" }, { "reference_url": "http://support.novell.com/security/cve/CVE-2014-6277.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.novell.com/security/cve/CVE-2014-6277.html" }, { "reference_url": "https://www.suse.com/support/shellshock/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.suse.com/support/shellshock/" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021272" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021279" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=isg3T1021361" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004879" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004897" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004898" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=ssg1S1004915" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685541" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685604" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685733" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685749" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21685914" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686131" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686246" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686445" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686479" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21686494" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21687079" }, { "reference_url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www-947.ibm.com/support/entry/portal/docdisplay?lndocid=MIGR-5096315" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:164" }, { "reference_url": "http://www.novell.com/support/kb/doc.php?id=7015721", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.novell.com/support/kb/doc.php?id=7015721" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/topics/security/bashcve-2014-7169-2317675.html" }, { "reference_url": "http://www.qnap.com/i/en/support/con_show.php?cid=61", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.qnap.com/i/en/support/con_show.php?cid=61" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2380-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2380-1" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.vmware.com/security/advisories/VMSA-2014-0010.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147189", "reference_id": "1147189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1147189" }, { "reference_url": "https://security.archlinux.org/AVG-924", "reference_id": "AVG-924", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-924" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:1.14.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.01.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.02.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.03:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.04:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:a:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:2.05:b:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.0.16:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:3.2.48:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.0:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:bash:4.3:*:*:*:*:*:*:*" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35081.txt", "reference_id": "CVE-2014-6277", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/dos/35081.txt" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6277", "reference_id": "CVE-2014-6277", "reference_type": "", "scores": [ { "value": "10.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:C/I:C/A:C" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-6277" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36933.py", "reference_id": "CVE-2014-7187;CVE-2014-7186;CVE-2014-7169;CVE-2014-6278;CVE-2014-6277", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36933.py" }, { "reference_url": "https://security.gentoo.org/glsa/201410-01", "reference_id": "GLSA-201410-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201410-01" }, { "reference_url": "https://usn.ubuntu.com/2380-1/", "reference_id": "USN-2380-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2380-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/371375?format=api", "purl": "pkg:alpm/archlinux/bash@4.3.027-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.027-1" } ], "aliases": [ "CVE-2014-6277" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sqj7-9htv-nbfn" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bash@4.3.027-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373621?format=api", "purl": "pkg:alpm/archlinux/bat@0.18.1-1", "type": "alpm", "namespace": "archlinux", "name": "bat", "version": "0.18.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "0.18.2-1", "latest_non_vulnerable_version": "0.18.2-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41229?format=api", "vulnerability_id": "VCID-gabj-syb9-c7ff", "summary": "Uncontrolled Search Path Element in sharkdp/bat\nbat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41461", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.4142", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41435", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41446", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.4134", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41388", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41432", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36753" }, { "reference_url": "https://github.com/sharkdp/bat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sharkdp/bat" }, { "reference_url": "https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956" }, { "reference_url": "https://github.com/sharkdp/bat/pull/1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sharkdp/bat/pull/1724" }, { "reference_url": "https://github.com/sharkdp/bat/releases/tag/v0.18.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sharkdp/bat/releases/tag/v0.18.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36753", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36753" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2021-0106.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0106.html" }, { "reference_url": "https://vuln.ryotak.me/advisories/53", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuln.ryotak.me/advisories/53" }, { "reference_url": "https://security.archlinux.org/AVG-2165", "reference_id": "AVG-2165", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2165" }, { "reference_url": "https://github.com/advisories/GHSA-p24j-h477-76q3", "reference_id": "GHSA-p24j-h477-76q3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p24j-h477-76q3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373622?format=api", "purl": "pkg:alpm/archlinux/bat@0.18.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.2-1" } ], "aliases": [ "CVE-2021-36753", "GHSA-p24j-h477-76q3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gabj-syb9-c7ff" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373622?format=api", "purl": "pkg:alpm/archlinux/bat@0.18.2-1", "type": "alpm", "namespace": "archlinux", "name": "bat", "version": "0.18.2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41229?format=api", "vulnerability_id": "VCID-gabj-syb9-c7ff", "summary": "Uncontrolled Search Path Element in sharkdp/bat\nbat on windows before 0.18.2 executes programs named less.exe from the current working directory. This can lead to unintended code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36753", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41461", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.4142", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41435", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41467", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41446", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41438", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.4134", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41388", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00195", "scoring_system": "epss", "scoring_elements": "0.41432", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-36753" }, { "reference_url": "https://github.com/sharkdp/bat", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sharkdp/bat" }, { "reference_url": "https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sharkdp/bat/commit/bf2b2df9c9e218e35e5a38ce3d03cffb7c363956" }, { "reference_url": "https://github.com/sharkdp/bat/pull/1724", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sharkdp/bat/pull/1724" }, { "reference_url": "https://github.com/sharkdp/bat/releases/tag/v0.18.2", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/sharkdp/bat/releases/tag/v0.18.2" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36753", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36753" }, { "reference_url": "https://rustsec.org/advisories/RUSTSEC-2021-0106.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://rustsec.org/advisories/RUSTSEC-2021-0106.html" }, { "reference_url": "https://vuln.ryotak.me/advisories/53", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://vuln.ryotak.me/advisories/53" }, { "reference_url": "https://security.archlinux.org/AVG-2165", "reference_id": "AVG-2165", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2165" }, { "reference_url": "https://github.com/advisories/GHSA-p24j-h477-76q3", "reference_id": "GHSA-p24j-h477-76q3", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-p24j-h477-76q3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373622?format=api", "purl": "pkg:alpm/archlinux/bat@0.18.2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.2-1" } ], "aliases": [ "CVE-2021-36753", "GHSA-p24j-h477-76q3" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gabj-syb9-c7ff" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bat@0.18.2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/374482?format=api", "purl": "pkg:alpm/archlinux/bchunk@1.2.0-4", "type": "alpm", "namespace": "archlinux", "name": "bchunk", "version": "1.2.0-4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.2.2-4", "latest_non_vulnerable_version": "1.2.2-4", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69774?format=api", "vulnerability_id": "VCID-dk5f-hadp-87e7", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50132", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50162", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50085", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5012", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50098", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50152", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50145", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955" }, { "reference_url": "https://github.com/extramaster/bchunk/issues/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/extramaster/bchunk/issues/2" }, { "reference_url": "https://github.com/hessu/bchunk/issues/1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hessu/bchunk/issues/1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116", "reference_id": "880116", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116" }, { "reference_url": "https://security.archlinux.org/ASA-201803-24", "reference_id": "ASA-201803-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-24" }, { "reference_url": "https://security.archlinux.org/AVG-475", "reference_id": "AVG-475", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-475" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15953", "reference_id": "CVE-2017-15953", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15953" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374483?format=api", "purl": "pkg:alpm/archlinux/bchunk@1.2.2-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4" } ], "aliases": [ "CVE-2017-15953" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk5f-hadp-87e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69775?format=api", "vulnerability_id": "VCID-syvr-upka-zybt", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53982", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54017", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53899", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53944", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53919", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53971", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.5397", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955" }, { "reference_url": "https://github.com/extramaster/bchunk/issues/3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/extramaster/bchunk/issues/3" }, { "reference_url": "https://github.com/hessu/bchunk/issues/1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hessu/bchunk/issues/1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116", "reference_id": "880116", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116" }, { "reference_url": "https://security.archlinux.org/ASA-201803-24", "reference_id": "ASA-201803-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-24" }, { "reference_url": "https://security.archlinux.org/AVG-475", "reference_id": "AVG-475", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-475" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15954", "reference_id": "CVE-2017-15954", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15954" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374483?format=api", "purl": "pkg:alpm/archlinux/bchunk@1.2.2-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4" } ], "aliases": [ "CVE-2017-15954" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syvr-upka-zybt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69776?format=api", "vulnerability_id": "VCID-xatx-tmp5-cka2", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48487", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48501", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48475", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48418", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48455", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48429", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48484", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48478", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15955" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955" }, { "reference_url": "https://github.com/extramaster/bchunk/issues/4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/extramaster/bchunk/issues/4" }, { "reference_url": "https://github.com/hessu/bchunk/issues/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hessu/bchunk/issues/2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116", "reference_id": "880116", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116" }, { "reference_url": "https://security.archlinux.org/ASA-201803-24", "reference_id": "ASA-201803-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-24" }, { "reference_url": "https://security.archlinux.org/AVG-475", "reference_id": "AVG-475", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-475" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15955", "reference_id": "CVE-2017-15955", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374483?format=api", "purl": "pkg:alpm/archlinux/bchunk@1.2.2-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4" } ], "aliases": [ "CVE-2017-15955" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xatx-tmp5-cka2" } ], "fixing_vulnerabilities": [], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.0-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/374483?format=api", "purl": "pkg:alpm/archlinux/bchunk@1.2.2-4", "type": "alpm", "namespace": "archlinux", "name": "bchunk", "version": "1.2.2-4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69774?format=api", "vulnerability_id": "VCID-dk5f-hadp-87e7", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15953", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50132", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50162", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50136", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50085", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.5012", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50148", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50098", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50152", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00266", "scoring_system": "epss", "scoring_elements": "0.50145", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955" }, { "reference_url": "https://github.com/extramaster/bchunk/issues/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/extramaster/bchunk/issues/2" }, { "reference_url": "https://github.com/hessu/bchunk/issues/1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hessu/bchunk/issues/1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116", "reference_id": "880116", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116" }, { "reference_url": "https://security.archlinux.org/ASA-201803-24", "reference_id": "ASA-201803-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-24" }, { "reference_url": "https://security.archlinux.org/AVG-475", "reference_id": "AVG-475", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-475" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15953", "reference_id": "CVE-2017-15953", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15953" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374483?format=api", "purl": "pkg:alpm/archlinux/bchunk@1.2.2-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4" } ], "aliases": [ "CVE-2017-15953" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dk5f-hadp-87e7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69775?format=api", "vulnerability_id": "VCID-syvr-upka-zybt", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15954", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53982", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54017", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53899", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53916", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53944", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53919", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53971", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.5397", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955" }, { "reference_url": "https://github.com/extramaster/bchunk/issues/3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/extramaster/bchunk/issues/3" }, { "reference_url": "https://github.com/hessu/bchunk/issues/1", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hessu/bchunk/issues/1" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116", "reference_id": "880116", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116" }, { "reference_url": "https://security.archlinux.org/ASA-201803-24", "reference_id": "ASA-201803-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-24" }, { "reference_url": "https://security.archlinux.org/AVG-475", "reference_id": "AVG-475", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-475" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15954", "reference_id": "CVE-2017-15954", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15954" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374483?format=api", "purl": "pkg:alpm/archlinux/bchunk@1.2.2-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4" } ], "aliases": [ "CVE-2017-15954" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-syvr-upka-zybt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/69776?format=api", "vulnerability_id": "VCID-xatx-tmp5-cka2", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15955", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48487", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48501", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48475", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48418", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48455", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48429", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48484", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00251", "scoring_system": "epss", "scoring_elements": "0.48478", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-15955" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15955" }, { "reference_url": "https://github.com/extramaster/bchunk/issues/4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/extramaster/bchunk/issues/4" }, { "reference_url": "https://github.com/hessu/bchunk/issues/2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/hessu/bchunk/issues/2" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00001.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4026", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4026" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116", "reference_id": "880116", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=880116" }, { "reference_url": "https://security.archlinux.org/ASA-201803-24", "reference_id": "ASA-201803-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-24" }, { "reference_url": "https://security.archlinux.org/AVG-475", "reference_id": "AVG-475", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-475" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bchunk_project:bchunk:1.2.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15955", "reference_id": "CVE-2017-15955", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15955" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/374483?format=api", "purl": "pkg:alpm/archlinux/bchunk@1.2.2-4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4" } ], "aliases": [ "CVE-2017-15955" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xatx-tmp5-cka2" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bchunk@1.2.2-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/372246?format=api", "purl": "pkg:alpm/archlinux/bcprov@1.66-1", "type": "alpm", "namespace": "archlinux", "name": "bcprov", "version": "1.66-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.67-1", "latest_non_vulnerable_version": "1.67-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35118?format=api", "vulnerability_id": "VCID-amzx-sbps-xke5", "summary": "Logic error in Legion of the Bouncy Castle BC Java\nAn issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88595", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88591", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88586", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88568", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88565", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88547", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88539", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052" }, { "reference_url": "https://github.com/bcgit/bc-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052" }, { "reference_url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052" }, { "reference_url": "https://www.bouncycastle.org/releasenotes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bouncycastle.org/releasenotes.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881", "reference_id": "1912881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683", "reference_id": "977683", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683" }, { "reference_url": "https://security.archlinux.org/AVG-1372", "reference_id": "AVG-1372", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1372" }, { "reference_url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/", "reference_id": "CVE-2020-28052-BOUNCY-CASTLE", "reference_type": "", "scores": [], "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/" }, { "reference_url": "https://github.com/advisories/GHSA-73xv-w5gp-frxh", "reference_id": "GHSA-73xv-w5gp-frxh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-73xv-w5gp-frxh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0872", "reference_id": "RHSA-2021:0872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0873", "reference_id": "RHSA-2021:0873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0874", "reference_id": "RHSA-2021:0874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0885", "reference_id": "RHSA-2021:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0974", "reference_id": "RHSA-2021:0974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1401", "reference_id": "RHSA-2021:1401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2210", "reference_id": "RHSA-2021:2210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2755", "reference_id": "RHSA-2021:2755", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2755" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3205", "reference_id": "RHSA-2021:3205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372247?format=api", "purl": "pkg:alpm/archlinux/bcprov@1.67-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.67-1" } ], "aliases": [ "CVE-2020-28052", "GHSA-73xv-w5gp-frxh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amzx-sbps-xke5" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.66-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372247?format=api", "purl": "pkg:alpm/archlinux/bcprov@1.67-1", "type": "alpm", "namespace": "archlinux", "name": "bcprov", "version": "1.67-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/35118?format=api", "vulnerability_id": "VCID-amzx-sbps-xke5", "summary": "Logic error in Legion of the Bouncy Castle BC Java\nAn issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-28052.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28052", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88595", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88591", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88586", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88568", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88565", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88547", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04099", "scoring_system": "epss", "scoring_elements": "0.88539", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-28052" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28052" }, { "reference_url": "https://github.com/bcgit/bc-java", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java" }, { "reference_url": "https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/commit/97578f9b7ed277e6ecb58834e85e3d18385a4219" }, { "reference_url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/bcgit/bc-java/wiki/CVE-2020-28052" }, { "reference_url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r167dbc42ef7c59802c2ca1ac14735ef9cf687c25208229993d6206fe@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r175f5a25d100dbe2b1bd3459b3ce882a84c3ff91b120ed4ff2d57b53@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r25d53acd06f29244b8a103781b0339c5e7efee9099a4d52f0c230e4a@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r2ddabd06d94b60cfb0141e4abb23201c628ab925e30742f61a04d013@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r30a139c165b3da6e0d5536434ab1550534011b1fdfcd2f5d95892c5b@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r37d332c0bf772f4982d1fdeeb2f88dd71dab6451213e69e43734eadc@%3Ccommits.pulsar.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r4e1619cfefcd031fac62064a3858f5c9229eef907bd5d8ef14c594fc@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r77af3ac7c3bfbd5454546e13faf7aec21d627bdcf36c9ca240436b94@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r8c36ba34e80e05eecb1f80071cc834d705616f315b634ec0c7d8f42e@%3Cissues.solr.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/r954d80fd18e9dafef6e813963eb7e08c228151c2b6268ecd63b35d1f@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rc9e441c1576bdc4375d32526d5cf457226928e9c87b9f54ded26271c@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rcd37d9214b08067a2e8f2b5b4fd123a1f8cb6008698d11ef44028c21@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdcbad6d8ce72c79827ed8c635f9a62dd919bb21c94a0b64cab2efc31@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rddd2237b8636a48d573869006ee809262525efb2b6ffa6eff50d2a2d@%3Cjira.kafka.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rdfd2901b8b697a3f6e2c9c6ecc688fd90d7f881937affb5144d61d6e@%3Ccommits.druid.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf9abfc0223747a56694825c050cc6b66627a293a32ea926b3de22402@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rfc0db1f3c375087e69a239f9284ded72d04fbb55849eadde58fa9dc2@%3Cissues.karaf.apache.org%3E" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-28052" }, { "reference_url": "https://www.bouncycastle.org/releasenotes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.bouncycastle.org/releasenotes.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuApr2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuapr2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujan2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujan2022.html" }, { "reference_url": "https://www.oracle.com//security-alerts/cpujul2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpujul2022.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpujul2022.html" }, { "reference_url": "https://www.oracle.com/security-alerts/cpuoct2021.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" }, { "reference_url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881", "reference_id": "1912881", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1912881" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683", "reference_id": "977683", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977683" }, { "reference_url": "https://security.archlinux.org/AVG-1372", "reference_id": "AVG-1372", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1372" }, { "reference_url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/", "reference_id": "CVE-2020-28052-BOUNCY-CASTLE", "reference_type": "", "scores": [], "url": "https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/" }, { "reference_url": "https://github.com/advisories/GHSA-73xv-w5gp-frxh", "reference_id": "GHSA-73xv-w5gp-frxh", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-73xv-w5gp-frxh" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0872", "reference_id": "RHSA-2021:0872", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0872" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0873", "reference_id": "RHSA-2021:0873", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0873" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0874", "reference_id": "RHSA-2021:0874", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0874" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0885", "reference_id": "RHSA-2021:0885", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0885" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0974", "reference_id": "RHSA-2021:0974", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0974" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1401", "reference_id": "RHSA-2021:1401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1401" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2210", "reference_id": "RHSA-2021:2210", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2210" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2755", "reference_id": "RHSA-2021:2755", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2755" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3205", "reference_id": "RHSA-2021:3205", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4767", "reference_id": "RHSA-2021:4767", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4767" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372247?format=api", "purl": "pkg:alpm/archlinux/bcprov@1.67-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.67-1" } ], "aliases": [ "CVE-2020-28052", "GHSA-73xv-w5gp-frxh" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-amzx-sbps-xke5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bcprov@1.67-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372543?format=api", "purl": "pkg:alpm/archlinux/beep@1.3-4", "type": "alpm", "namespace": "archlinux", "name": "beep", "version": "1.3-4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.4.4-1", "latest_non_vulnerable_version": "1.4.4-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48794?format=api", "vulnerability_id": "VCID-gupx-n3wg-mygd", "summary": "A vulnerability in beep could allow local attackers to escalate\n privileges.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.84029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.83961", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.83975", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.8399", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.83994", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.84017", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.84023", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.8404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.84033", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0492" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0492" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667", "reference_id": "894667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667" }, { "reference_url": "https://security.archlinux.org/AVG-940", "reference_id": "AVG-940", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-940" }, { "reference_url": "https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc", "reference_id": "CVE-2018-0492", "reference_type": "exploit", "scores": [], "url": "https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44452.py", "reference_id": "CVE-2018-0492", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44452.py" }, { "reference_url": "https://security.gentoo.org/glsa/201805-15", "reference_id": "GLSA-201805-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201805-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372544?format=api", "purl": "pkg:alpm/archlinux/beep@1.4.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.4.4-1" } ], "aliases": [ "CVE-2018-0492" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gupx-n3wg-mygd" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.3-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/372544?format=api", "purl": "pkg:alpm/archlinux/beep@1.4.4-1", "type": "alpm", "namespace": "archlinux", "name": "beep", "version": "1.4.4-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48794?format=api", "vulnerability_id": "VCID-gupx-n3wg-mygd", "summary": "A vulnerability in beep could allow local attackers to escalate\n privileges.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0492", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.84029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.83961", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.83975", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.8399", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.83994", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.84017", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.84023", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.8404", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0209", "scoring_system": "epss", "scoring_elements": "0.84033", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0492" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0492", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0492" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667", "reference_id": "894667", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=894667" }, { "reference_url": "https://security.archlinux.org/AVG-940", "reference_id": "AVG-940", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-940" }, { "reference_url": "https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc", "reference_id": "CVE-2018-0492", "reference_type": "exploit", "scores": [], "url": "https://gist.github.com/Arignir/0b9d45c56551af39969368396e27abe8/ec853f14afd6e86fb3f2efce2086e28f33039ddc" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44452.py", "reference_id": "CVE-2018-0492", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/44452.py" }, { "reference_url": "https://security.gentoo.org/glsa/201805-15", "reference_id": "GLSA-201805-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201805-15" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372544?format=api", "purl": "pkg:alpm/archlinux/beep@1.4.4-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.4.4-1" } ], "aliases": [ "CVE-2018-0492" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gupx-n3wg-mygd" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/beep@1.4.4-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373164?format=api", "purl": "pkg:alpm/archlinux/bind@9.10.4.P2-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.10.4.P2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.10.4.P3-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31463?format=api", "vulnerability_id": "VCID-4cxw-y4nn-2bem", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which could cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99428", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99434", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99433", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99429", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378380", "reference_id": "1378380", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010", "reference_id": "839010", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010" }, { "reference_url": "https://security.archlinux.org/ASA-201609-29", "reference_id": "ASA-201609-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-29" }, { "reference_url": "https://security.archlinux.org/AVG-36", "reference_id": "AVG-36", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-36" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py", "reference_id": "CVE-2016-2776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py" }, { "reference_url": "https://security.gentoo.org/glsa/201610-07", "reference_id": "GLSA-201610-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1944", "reference_id": "RHSA-2016:1944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1945", "reference_id": "RHSA-2016:1945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2099", "reference_id": "RHSA-2016:2099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2099" }, { "reference_url": "https://usn.ubuntu.com/3088-1/", "reference_id": "USN-3088-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3088-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373165?format=api", "purl": "pkg:alpm/archlinux/bind@9.10.4.P3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P3-1" } ], "aliases": [ "CVE-2016-2776" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cxw-y4nn-2bem" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373165?format=api", "purl": "pkg:alpm/archlinux/bind@9.10.4.P3-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.10.4.P3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.11.0.P1-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31463?format=api", "vulnerability_id": "VCID-4cxw-y4nn-2bem", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which could cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99428", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99434", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99431", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99433", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99427", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.86964", "scoring_system": "epss", "scoring_elements": "0.99429", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-2776" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2775" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2776" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378380", "reference_id": "1378380", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1378380" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010", "reference_id": "839010", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839010" }, { "reference_url": "https://security.archlinux.org/ASA-201609-29", "reference_id": "ASA-201609-29", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201609-29" }, { "reference_url": "https://security.archlinux.org/AVG-36", "reference_id": "AVG-36", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-36" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py", "reference_id": "CVE-2016-2776", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/40453.py" }, { "reference_url": "https://security.gentoo.org/glsa/201610-07", "reference_id": "GLSA-201610-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201610-07" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1944", "reference_id": "RHSA-2016:1944", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1944" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1945", "reference_id": "RHSA-2016:1945", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1945" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2099", "reference_id": "RHSA-2016:2099", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2099" }, { "reference_url": "https://usn.ubuntu.com/3088-1/", "reference_id": "USN-3088-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3088-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373165?format=api", "purl": "pkg:alpm/archlinux/bind@9.10.4.P3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P3-1" } ], "aliases": [ "CVE-2016-2776" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cxw-y4nn-2bem" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.10.4.P3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373143?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0-2", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.0-2", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.11.0.P1-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34600?format=api", "vulnerability_id": "VCID-pn63-zx6s-gfgc", "summary": "A vulnerability in BIND might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8864.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8864.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97582", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.976", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97605", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97589", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97592", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97598", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389652", "reference_id": "1389652", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389652" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858", "reference_id": "842858", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858" }, { "reference_url": "https://security.archlinux.org/ASA-201611-3", "reference_id": "ASA-201611-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-3" }, { "reference_url": "https://security.archlinux.org/AVG-59", "reference_id": "AVG-59", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-59" }, { "reference_url": "https://security.gentoo.org/glsa/201701-26", "reference_id": "GLSA-201701-26", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2141", "reference_id": "RHSA-2016:2141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2142", "reference_id": "RHSA-2016:2142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2615", "reference_id": "RHSA-2016:2615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2871", "reference_id": "RHSA-2016:2871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3119-1/", "reference_id": "USN-3119-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3119-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373144?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-1" } ], "aliases": [ "CVE-2016-8864" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pn63-zx6s-gfgc" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0-2" }, { "url": "http://public2.vulnerablecode.io/api/packages/373144?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P1-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.0.P1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.11.0.P3-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34600?format=api", "vulnerability_id": "VCID-pn63-zx6s-gfgc", "summary": "A vulnerability in BIND might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8864.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8864.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8864", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97582", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97606", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.976", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97603", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97605", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97589", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97592", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97593", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.45373", "scoring_system": "epss", "scoring_elements": "0.97598", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-8864" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8864" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389652", "reference_id": "1389652", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1389652" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858", "reference_id": "842858", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842858" }, { "reference_url": "https://security.archlinux.org/ASA-201611-3", "reference_id": "ASA-201611-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201611-3" }, { "reference_url": "https://security.archlinux.org/AVG-59", "reference_id": "AVG-59", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-59" }, { "reference_url": "https://security.gentoo.org/glsa/201701-26", "reference_id": "GLSA-201701-26", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-26" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2141", "reference_id": "RHSA-2016:2141", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2141" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2142", "reference_id": "RHSA-2016:2142", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2615", "reference_id": "RHSA-2016:2615", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2615" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:2871", "reference_id": "RHSA-2016:2871", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:2871" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3119-1/", "reference_id": "USN-3119-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3119-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373144?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P1-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-1" } ], "aliases": [ "CVE-2016-8864" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pn63-zx6s-gfgc" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373094?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P1-3", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.0.P1-3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.11.0.P3-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48057?format=api", "vulnerability_id": "VCID-5jpj-6zqd-3ub9", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9147.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98089", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98106", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98096", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411367", "reference_id": "1411367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411367" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851063", "reference_id": "851063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851063" }, { "reference_url": "https://security.archlinux.org/ASA-201701-15", "reference_id": "ASA-201701-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-15" }, { "reference_url": "https://security.archlinux.org/AVG-132", "reference_id": "AVG-132", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-132" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0062", "reference_id": "RHSA-2017:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0063", "reference_id": "RHSA-2017:0063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0064", "reference_id": "RHSA-2017:0064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1582", "reference_id": "RHSA-2017:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3172-1/", "reference_id": "USN-3172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xatr-hnmn-mfbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" } ], "aliases": [ "CVE-2016-9147" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jpj-6zqd-3ub9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48059?format=api", "vulnerability_id": "VCID-7n8z-mhbn-xudt", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91132", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.9118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91137", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/article/AA-01442/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/article/AA-01442/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0005/" }, { "reference_url": "http://www.securityfocus.com/bid/95388", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95388" }, { "reference_url": "http://www.securitytracker.com/id/1037582", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037582" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411387", "reference_id": "1411387", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411387" }, { "reference_url": "https://security.archlinux.org/ASA-201701-15", "reference_id": "ASA-201701-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-15" }, { "reference_url": "https://security.archlinux.org/AVG-132", "reference_id": "AVG-132", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-132" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9778", "reference_id": "CVE-2016-9778", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9778" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xatr-hnmn-mfbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" } ], "aliases": [ "CVE-2016-9778" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7n8z-mhbn-xudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48058?format=api", "vulnerability_id": "VCID-s4q2-n72q-vuhh", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9444.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97846", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97843", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97845", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97829", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.9783", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97833", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97837", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.9784", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9444" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411377", "reference_id": "1411377", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411377" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851062", "reference_id": "851062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851062" }, { "reference_url": "https://security.archlinux.org/ASA-201701-15", "reference_id": "ASA-201701-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-15" }, { "reference_url": "https://security.archlinux.org/AVG-132", "reference_id": "AVG-132", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-132" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0062", "reference_id": "RHSA-2017:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3172-1/", "reference_id": "USN-3172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xatr-hnmn-mfbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" } ], "aliases": [ "CVE-2016-9444" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4q2-n72q-vuhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48056?format=api", "vulnerability_id": "VCID-uze1-hja3-kubc", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9131.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98773", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98765", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98768", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.9877", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98771", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411348", "reference_id": "1411348", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411348" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851065", "reference_id": "851065", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851065" }, { "reference_url": "https://security.archlinux.org/ASA-201701-15", "reference_id": "ASA-201701-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-15" }, { "reference_url": "https://security.archlinux.org/AVG-132", "reference_id": "AVG-132", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-132" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0062", "reference_id": "RHSA-2017:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3172-1/", "reference_id": "USN-3172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xatr-hnmn-mfbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" } ], "aliases": [ "CVE-2016-9131" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uze1-hja3-kubc" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P1-3" }, { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.0.P2-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.11.0.P3-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48060?format=api", "vulnerability_id": "VCID-xatr-hnmn-mfbj", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0276.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2017-0276.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3135.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3135.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96961", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.9699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96976", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96986", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96989", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96969", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01453" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0005/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3795" }, { "reference_url": "http://www.securityfocus.com/bid/96150", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96150" }, { "reference_url": "http://www.securitytracker.com/id/1037801", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420193", "reference_id": "1420193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855520", "reference_id": "855520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855520" }, { "reference_url": "https://security.archlinux.org/ASA-201702-8", "reference_id": "ASA-201702-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201702-8" }, { "reference_url": "https://security.archlinux.org/AVG-169", "reference_id": "AVG-169", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-169" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3135", "reference_id": "CVE-2017-3135", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3135" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0276", "reference_id": "RHSA-2017:0276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0276" }, { "reference_url": "https://usn.ubuntu.com/3201-1/", "reference_id": "USN-3201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373075?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-1" } ], "aliases": [ "CVE-2017-3135" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xatr-hnmn-mfbj" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48057?format=api", "vulnerability_id": "VCID-5jpj-6zqd-3ub9", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9147.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9147.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9147", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98089", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98107", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98106", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98092", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.56165", "scoring_system": "epss", "scoring_elements": "0.98096", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411367", "reference_id": "1411367", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411367" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851063", "reference_id": "851063", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851063" }, { "reference_url": "https://security.archlinux.org/ASA-201701-15", "reference_id": "ASA-201701-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-15" }, { "reference_url": "https://security.archlinux.org/AVG-132", "reference_id": "AVG-132", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-132" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0062", "reference_id": "RHSA-2017:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0063", "reference_id": "RHSA-2017:0063", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0063" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0064", "reference_id": "RHSA-2017:0064", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0064" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1582", "reference_id": "RHSA-2017:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3172-1/", "reference_id": "USN-3172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xatr-hnmn-mfbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" } ], "aliases": [ "CVE-2016-9147" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5jpj-6zqd-3ub9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48059?format=api", "vulnerability_id": "VCID-7n8z-mhbn-xudt", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9778.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9778.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9778", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91132", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91182", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91145", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91153", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91166", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91173", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.9118", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06614", "scoring_system": "epss", "scoring_elements": "0.91137", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9778" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/article/AA-01442/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/article/AA-01442/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0005/" }, { "reference_url": "http://www.securityfocus.com/bid/95388", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95388" }, { "reference_url": "http://www.securitytracker.com/id/1037582", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037582" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411387", "reference_id": "1411387", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411387" }, { "reference_url": "https://security.archlinux.org/ASA-201701-15", "reference_id": "ASA-201701-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-15" }, { "reference_url": "https://security.archlinux.org/AVG-132", "reference_id": "AVG-132", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-132" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:s3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:solidfire_element_os_management_node:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9778", "reference_id": "CVE-2016-9778", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9778" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xatr-hnmn-mfbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" } ], "aliases": [ "CVE-2016-9778" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7n8z-mhbn-xudt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48058?format=api", "vulnerability_id": "VCID-s4q2-n72q-vuhh", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9444.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9444.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9444", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97823", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97846", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97843", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97845", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97829", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.9783", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97833", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.97837", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.5046", "scoring_system": "epss", "scoring_elements": "0.9784", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9444" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411377", "reference_id": "1411377", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411377" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851062", "reference_id": "851062", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851062" }, { "reference_url": "https://security.archlinux.org/ASA-201701-15", "reference_id": "ASA-201701-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-15" }, { "reference_url": "https://security.archlinux.org/AVG-132", "reference_id": "AVG-132", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-132" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0062", "reference_id": "RHSA-2017:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3172-1/", "reference_id": "USN-3172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xatr-hnmn-mfbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" } ], "aliases": [ "CVE-2016-9444" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s4q2-n72q-vuhh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48056?format=api", "vulnerability_id": "VCID-uze1-hja3-kubc", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9131.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9131.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9131", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98764", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98775", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98773", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98774", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98765", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98768", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.9877", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.7283", "scoring_system": "epss", "scoring_elements": "0.98771", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-9131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9131" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9147" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9444" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411348", "reference_id": "1411348", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1411348" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851065", "reference_id": "851065", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=851065" }, { "reference_url": "https://security.archlinux.org/ASA-201701-15", "reference_id": "ASA-201701-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-15" }, { "reference_url": "https://security.archlinux.org/AVG-132", "reference_id": "AVG-132", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-132" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0062", "reference_id": "RHSA-2017:0062", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0062" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3172-1/", "reference_id": "USN-3172-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3172-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373074?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P2-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xatr-hnmn-mfbj" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" } ], "aliases": [ "CVE-2016-9131" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uze1-hja3-kubc" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P2-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373075?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P3-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.0.P3-1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "9.11.1.P2-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48060?format=api", "vulnerability_id": "VCID-xatr-hnmn-mfbj", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "http://rhn.redhat.com/errata/RHSA-2017-0276.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2017-0276.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3135.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3135.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3135", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96961", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.9699", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96974", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96976", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96985", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96986", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96988", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96989", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.34413", "scoring_system": "epss", "scoring_elements": "0.96969", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3135" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3135" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:C" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01453", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01453" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0005/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0005/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3795", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3795" }, { "reference_url": "http://www.securityfocus.com/bid/96150", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96150" }, { "reference_url": "http://www.securitytracker.com/id/1037801", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1037801" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420193", "reference_id": "1420193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1420193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855520", "reference_id": "855520", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=855520" }, { "reference_url": "https://security.archlinux.org/ASA-201702-8", "reference_id": "ASA-201702-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201702-8" }, { "reference_url": "https://security.archlinux.org/AVG-169", "reference_id": "AVG-169", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-169" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.8:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software_management_node:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3135", "reference_id": "CVE-2017-3135", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3135" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:0276", "reference_id": "RHSA-2017:0276", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:0276" }, { "reference_url": "https://usn.ubuntu.com/3201-1/", "reference_id": "USN-3201-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3201-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373075?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P3-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-1" } ], "aliases": [ "CVE-2017-3135" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xatr-hnmn-mfbj" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/373030?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.0.P3-4", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.0.P3-4", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.11.1.P2-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48063?format=api", "vulnerability_id": "VCID-ruf8-3syu-vyew", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97231", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97256", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97243", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.9725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97251", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97255", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97237", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3138" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/aa-01471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01471" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180802-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "reference_url": "http://www.securityfocus.com/bid/97657", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97657" }, { "reference_url": "http://www.securitytracker.com/id/1038260", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038260" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441137", "reference_id": "1441137", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441137" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226", "reference_id": "860226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226" }, { "reference_url": "https://security.archlinux.org/ASA-201704-11", "reference_id": "ASA-201704-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201704-11" }, { "reference_url": "https://security.archlinux.org/AVG-239", "reference_id": "AVG-239", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-239" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3138", "reference_id": "CVE-2017-3138", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3138" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://usn.ubuntu.com/3259-1/", "reference_id": "USN-3259-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3259-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373031?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t4dn-73sn-57c1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1" } ], "aliases": [ "CVE-2017-3138" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruf8-3syu-vyew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48062?format=api", "vulnerability_id": "VCID-sh9s-2ef5-ruct", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3137.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96496", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.9653", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.9652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96526", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96508", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/aa-01466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01466" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180802-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "reference_url": "http://www.securityfocus.com/bid/97651", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97651" }, { "reference_url": "http://www.securitytracker.com/id/1038258", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038258" }, { "reference_url": "http://www.securitytracker.com/id/1040195", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040195" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441133", "reference_id": "1441133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225", "reference_id": "860225", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225" }, { "reference_url": "https://security.archlinux.org/ASA-201704-11", "reference_id": "ASA-201704-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201704-11" }, { "reference_url": "https://security.archlinux.org/AVG-239", "reference_id": "AVG-239", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-239" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3137", "reference_id": "CVE-2017-3137", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3137" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1095", "reference_id": "RHSA-2017:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1105", "reference_id": "RHSA-2017:1105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1582", "reference_id": "RHSA-2017:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3259-1/", "reference_id": "USN-3259-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3259-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373031?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t4dn-73sn-57c1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1" } ], "aliases": [ "CVE-2017-3137" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sh9s-2ef5-ruct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48061?format=api", "vulnerability_id": "VCID-tp19-8gsn-n7ez", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3136.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3136.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97767", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97789", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.9778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97783", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97774", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97776", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01465" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180802-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "reference_url": "http://www.securityfocus.com/bid/97653", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97653" }, { "reference_url": "http://www.securitytracker.com/id/1038259", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038259" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441125", "reference_id": "1441125", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441125" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224", "reference_id": "860224", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224" }, { "reference_url": "https://security.archlinux.org/ASA-201704-11", "reference_id": "ASA-201704-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201704-11" }, { "reference_url": "https://security.archlinux.org/AVG-239", "reference_id": "AVG-239", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-239" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3136", "reference_id": "CVE-2017-3136", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3136" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1095", "reference_id": "RHSA-2017:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1105", "reference_id": "RHSA-2017:1105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "reference_url": "https://usn.ubuntu.com/3259-1/", "reference_id": "USN-3259-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3259-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373031?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t4dn-73sn-57c1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1" } ], "aliases": [ "CVE-2017-3136" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tp19-8gsn-n7ez" } ], "fixing_vulnerabilities": [], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.0.P3-4" }, { "url": "http://public2.vulnerablecode.io/api/packages/373031?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.11.1.P2-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48064?format=api", "vulnerability_id": "VCID-t4dn-73sn-57c1", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3140.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95366", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95403", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95375", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95382", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95386", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95393", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95395", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95401", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3140" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01495" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0001/" }, { "reference_url": "http://www.securityfocus.com/bid/99088", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99088" }, { "reference_url": "http://www.securitytracker.com/id/1038692", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038692" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461302", "reference_id": "1461302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461302" }, { "reference_url": "https://security.archlinux.org/ASA-201706-18", "reference_id": "ASA-201706-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-18" }, { "reference_url": "https://security.archlinux.org/AVG-301", "reference_id": "AVG-301", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-301" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3140", "reference_id": "CVE-2017-3140", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3140" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372962?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1.P1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ddg3-vmpb-cbhs" }, { "vulnerability": "VCID-tg7b-ra4c-cue1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P1-1" } ], "aliases": [ "CVE-2017-3140" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4dn-73sn-57c1" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48063?format=api", "vulnerability_id": "VCID-ruf8-3syu-vyew", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3138.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3138.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3138", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97231", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97256", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97242", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97243", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.9725", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97251", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97255", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.38782", "scoring_system": "epss", "scoring_elements": "0.97237", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3138" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/aa-01471", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01471" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180802-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "reference_url": "http://www.securityfocus.com/bid/97657", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97657" }, { "reference_url": "http://www.securitytracker.com/id/1038260", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038260" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441137", "reference_id": "1441137", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441137" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226", "reference_id": "860226", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860226" }, { "reference_url": "https://security.archlinux.org/ASA-201704-11", "reference_id": "ASA-201704-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201704-11" }, { "reference_url": "https://security.archlinux.org/AVG-239", "reference_id": "AVG-239", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-239" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s7:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3138", "reference_id": "CVE-2017-3138", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:S/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3138" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://usn.ubuntu.com/3259-1/", "reference_id": "USN-3259-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3259-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373031?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t4dn-73sn-57c1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1" } ], "aliases": [ "CVE-2017-3138" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ruf8-3syu-vyew" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48062?format=api", "vulnerability_id": "VCID-sh9s-2ef5-ruct", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3137.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3137.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3137", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96496", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.9653", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96512", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.9652", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96523", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96526", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96527", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96504", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.28496", "scoring_system": "epss", "scoring_elements": "0.96508", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://kb.isc.org/docs/aa-01466", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01466" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180802-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "reference_url": "http://www.securityfocus.com/bid/97651", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97651" }, { "reference_url": "http://www.securitytracker.com/id/1038258", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038258" }, { "reference_url": "http://www.securitytracker.com/id/1040195", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1040195" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441133", "reference_id": "1441133", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225", "reference_id": "860225", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860225" }, { "reference_url": "https://security.archlinux.org/ASA-201704-11", "reference_id": "ASA-201704-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201704-11" }, { "reference_url": "https://security.archlinux.org/AVG-239", "reference_id": "AVG-239", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-239" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.9:s8:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:6.7:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:6.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.2:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3137", "reference_id": "CVE-2017-3137", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3137" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1095", "reference_id": "RHSA-2017:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1105", "reference_id": "RHSA-2017:1105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1582", "reference_id": "RHSA-2017:1582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1583", "reference_id": "RHSA-2017:1583", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1583" }, { "reference_url": "https://usn.ubuntu.com/3259-1/", "reference_id": "USN-3259-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3259-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373031?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t4dn-73sn-57c1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1" } ], "aliases": [ "CVE-2017-3137" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sh9s-2ef5-ruct" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48061?format=api", "vulnerability_id": "VCID-tp19-8gsn-n7ez", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3136.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3136.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3136", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97767", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97789", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.9778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97783", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97786", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97788", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97772", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97774", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.49378", "scoring_system": "epss", "scoring_elements": "0.97776", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3136" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3137" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3138" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03747en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01465", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01465" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180802-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180802-0002/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3854" }, { "reference_url": "http://www.securityfocus.com/bid/97653", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/97653" }, { "reference_url": "http://www.securitytracker.com/id/1038259", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038259" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441125", "reference_id": "1441125", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1441125" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224", "reference_id": "860224", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=860224" }, { "reference_url": "https://security.archlinux.org/ASA-201704-11", "reference_id": "ASA-201704-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201704-11" }, { "reference_url": "https://security.archlinux.org/AVG-239", "reference_id": "AVG-239", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-239" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.4:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:b1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.0:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.8.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p3:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p4:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p5:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p6:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:beta1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:rc1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3136", "reference_id": "CVE-2017-3136", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3136" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1095", "reference_id": "RHSA-2017:1095", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1095" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1105", "reference_id": "RHSA-2017:1105", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1105" }, { "reference_url": "https://usn.ubuntu.com/3259-1/", "reference_id": "USN-3259-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3259-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/373031?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-t4dn-73sn-57c1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1" } ], "aliases": [ "CVE-2017-3136" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tp19-8gsn-n7ez" } ], "risk_score": "3.1", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1-1" }, { "url": "http://public2.vulnerablecode.io/api/packages/372962?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1.P1-1", "type": "alpm", "namespace": "archlinux", "name": "bind", "version": "9.11.1.P1-1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "9.11.1.P2-1", "latest_non_vulnerable_version": "9.20.9-1", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71886?format=api", "vulnerability_id": "VCID-ddg3-vmpb-cbhs", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3142.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3142.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3142", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89613", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89652", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89629", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.8963", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89647", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89653", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.8966", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89658", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04951", "scoring_system": "epss", "scoring_elements": "0.89616", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01504", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01504" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190830-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190830-0003/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3904" }, { "reference_url": "http://www.securityfocus.com/bid/99339", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99339" }, { "reference_url": "http://www.securitytracker.com/id/1038809", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038809" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466189", "reference_id": "1466189", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466189" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564", "reference_id": "866564", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564" }, { "reference_url": "https://security.archlinux.org/ASA-201707-3", "reference_id": "ASA-201707-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-3" }, { "reference_url": "https://security.archlinux.org/AVG-335", "reference_id": "AVG-335", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-335" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3142", "reference_id": "CVE-2017-3142", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:N" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3142" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1679", "reference_id": "RHSA-2017:1679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1680", "reference_id": "RHSA-2017:1680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1680" }, { "reference_url": "https://usn.ubuntu.com/3346-1/", "reference_id": "USN-3346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3346-1/" }, { "reference_url": "https://usn.ubuntu.com/3346-3/", "reference_id": "USN-3346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372963?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1.P2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1" } ], "aliases": [ "CVE-2017-3142" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ddg3-vmpb-cbhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/71887?format=api", "vulnerability_id": "VCID-tg7b-ra4c-cue1", "summary": "security update", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3143.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3143.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3143", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96329", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96364", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96337", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96341", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96345", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96353", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96357", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.26927", "scoring_system": "epss", "scoring_elements": "0.96361", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3143" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:C/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01503", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01503" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20190830-0003/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20190830-0003/" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3904", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3904" }, { "reference_url": "http://www.securityfocus.com/bid/99337", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99337" }, { "reference_url": "http://www.securitytracker.com/id/1038809", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038809" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466193", "reference_id": "1466193", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1466193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564", "reference_id": "866564", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564" }, { "reference_url": "https://security.archlinux.org/ASA-201707-3", "reference_id": "ASA-201707-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-3" }, { "reference_url": "https://security.archlinux.org/AVG-335", "reference_id": "AVG-335", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-335" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3143", "reference_id": "CVE-2017-3143", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3143" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1679", "reference_id": "RHSA-2017:1679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:1680", "reference_id": "RHSA-2017:1680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:1680" }, { "reference_url": "https://usn.ubuntu.com/3346-1/", "reference_id": "USN-3346-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3346-1/" }, { "reference_url": "https://usn.ubuntu.com/3346-3/", "reference_id": "USN-3346-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3346-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372963?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1.P2-1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1" } ], "aliases": [ "CVE-2017-3143" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7b-ra4c-cue1" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48064?format=api", "vulnerability_id": "VCID-t4dn-73sn-57c1", "summary": "Multiple vulnerabilities have been found in BIND, the worst of\n which allows remote attackers to cause a Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3140.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3140.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3140", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95366", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95403", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95375", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95382", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95386", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95393", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95395", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.19519", "scoring_system": "epss", "scoring_elements": "0.95401", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-3140" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us", "reference_id": "", "reference_type": "", "scores": [], "url": "https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us" }, { "reference_url": "https://kb.isc.org/docs/aa-01495", "reference_id": "", "reference_type": "", "scores": [], "url": "https://kb.isc.org/docs/aa-01495" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20180926-0001/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20180926-0001/" }, { "reference_url": "http://www.securityfocus.com/bid/99088", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99088" }, { "reference_url": "http://www.securitytracker.com/id/1038692", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1038692" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461302", "reference_id": "1461302", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1461302" }, { "reference_url": "https://security.archlinux.org/ASA-201706-18", "reference_id": "ASA-201706-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201706-18" }, { "reference_url": "https://security.archlinux.org/AVG-301", "reference_id": "AVG-301", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-301" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s1:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3140", "reference_id": "CVE-2017-3140", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" }, { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" }, { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-3140" }, { "reference_url": "https://security.gentoo.org/glsa/201708-01", "reference_id": "GLSA-201708-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201708-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/372962?format=api", "purl": "pkg:alpm/archlinux/bind@9.11.1.P1-1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ddg3-vmpb-cbhs" }, { "vulnerability": "VCID-tg7b-ra4c-cue1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P1-1" } ], "aliases": [ "CVE-2017-3140" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t4dn-73sn-57c1" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P1-1" } ] }