{"count":1067264,"next":"http://public2.vulnerablecode.io/api/packages/?format=json&page=3","previous":"http://public2.vulnerablecode.io/api/packages/?format=json","results":[{"url":"http://public2.vulnerablecode.io/api/packages/372963?format=json","purl":"pkg:alpm/archlinux/bind@9.11.1.P2-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.1.P2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.11.2.P1-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71886?format=json","vulnerability_id":"VCID-ddg3-vmpb-cbhs","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3142.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3142.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3142","reference_id":"","reference_type":"","scores":[{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89613","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89652","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89629","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.8963","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89647","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89653","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.8966","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89658","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04951","scoring_system":"epss","scoring_elements":"0.89616","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01504","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01504"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190830-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190830-0003/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3904","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3904"},{"reference_url":"http://www.securityfocus.com/bid/99339","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99339"},{"reference_url":"http://www.securitytracker.com/id/1038809","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466189","reference_id":"1466189","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466189"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564","reference_id":"866564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564"},{"reference_url":"https://security.archlinux.org/ASA-201707-3","reference_id":"ASA-201707-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-3"},{"reference_url":"https://security.archlinux.org/AVG-335","reference_id":"AVG-335","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-335"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3142","reference_id":"CVE-2017-3142","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3142"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1679","reference_id":"RHSA-2017:1679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1680","reference_id":"RHSA-2017:1680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1680"},{"reference_url":"https://usn.ubuntu.com/3346-1/","reference_id":"USN-3346-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3346-1/"},{"reference_url":"https://usn.ubuntu.com/3346-3/","reference_id":"USN-3346-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3346-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372963?format=json","purl":"pkg:alpm/archlinux/bind@9.11.1.P2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1"}],"aliases":["CVE-2017-3142"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ddg3-vmpb-cbhs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71887?format=json","vulnerability_id":"VCID-tg7b-ra4c-cue1","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3143.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3143.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3143","reference_id":"","reference_type":"","scores":[{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96329","published_at":"2026-04-01T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96364","published_at":"2026-04-13T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96337","published_at":"2026-04-02T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96341","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96345","published_at":"2026-04-07T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96353","published_at":"2026-04-08T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96357","published_at":"2026-04-09T12:55:00Z"},{"value":"0.26927","scoring_system":"epss","scoring_elements":"0.96361","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3143"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3142"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3143"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:C/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us","reference_id":"","reference_type":"","scores":[],"url":"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03772en_us"},{"reference_url":"https://kb.isc.org/docs/aa-01503","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01503"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190830-0003/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190830-0003/"},{"reference_url":"https://www.debian.org/security/2017/dsa-3904","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3904"},{"reference_url":"http://www.securityfocus.com/bid/99337","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/99337"},{"reference_url":"http://www.securitytracker.com/id/1038809","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038809"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466193","reference_id":"1466193","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1466193"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564","reference_id":"866564","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=866564"},{"reference_url":"https://security.archlinux.org/ASA-201707-3","reference_id":"ASA-201707-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-3"},{"reference_url":"https://security.archlinux.org/AVG-335","reference_id":"AVG-335","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-335"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.5:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.1:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.0:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.10:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3143","reference_id":"CVE-2017-3143","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-3143"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1679","reference_id":"RHSA-2017:1679","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1679"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1680","reference_id":"RHSA-2017:1680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1680"},{"reference_url":"https://usn.ubuntu.com/3346-1/","reference_id":"USN-3346-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3346-1/"},{"reference_url":"https://usn.ubuntu.com/3346-3/","reference_id":"USN-3346-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3346-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372963?format=json","purl":"pkg:alpm/archlinux/bind@9.11.1.P2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1"}],"aliases":["CVE-2017-3143"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg7b-ra4c-cue1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.1.P2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372809?format=json","purl":"pkg:alpm/archlinux/bind@9.11.2-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.11.2.P1-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71888?format=json","vulnerability_id":"VCID-s9ua-j61v-jbch","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3145.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3145","reference_id":"","reference_type":"","scores":[{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92054","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92088","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92092","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.9206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92072","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92084","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534812","reference_id":"1534812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534812"},{"reference_url":"https://security.archlinux.org/ASA-201801-16","reference_id":"ASA-201801-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-16"},{"reference_url":"https://security.archlinux.org/AVG-589","reference_id":"AVG-589","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0101","reference_id":"RHSA-2018:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0102","reference_id":"RHSA-2018:0102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0487","reference_id":"RHSA-2018:0487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0488","reference_id":"RHSA-2018:0488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0488"},{"reference_url":"https://usn.ubuntu.com/3535-1/","reference_id":"USN-3535-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3535-1/"},{"reference_url":"https://usn.ubuntu.com/3535-2/","reference_id":"USN-3535-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3535-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372810?format=json","purl":"pkg:alpm/archlinux/bind@9.11.2.P1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.2.P1-1"}],"aliases":["CVE-2017-3145"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ua-j61v-jbch"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372810?format=json","purl":"pkg:alpm/archlinux/bind@9.11.2.P1-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.11.2.P1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.12.1.P2-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/71888?format=json","vulnerability_id":"VCID-s9ua-j61v-jbch","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3145.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-3145.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3145","reference_id":"","reference_type":"","scores":[{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92054","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92087","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92088","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92092","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.9206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92069","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92072","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0799","scoring_system":"epss","scoring_elements":"0.92084","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-3145"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-3145"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534812","reference_id":"1534812","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1534812"},{"reference_url":"https://security.archlinux.org/ASA-201801-16","reference_id":"ASA-201801-16","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201801-16"},{"reference_url":"https://security.archlinux.org/AVG-589","reference_id":"AVG-589","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0101","reference_id":"RHSA-2018:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0102","reference_id":"RHSA-2018:0102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0487","reference_id":"RHSA-2018:0487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:0488","reference_id":"RHSA-2018:0488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:0488"},{"reference_url":"https://usn.ubuntu.com/3535-1/","reference_id":"USN-3535-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3535-1/"},{"reference_url":"https://usn.ubuntu.com/3535-2/","reference_id":"USN-3535-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3535-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372810?format=json","purl":"pkg:alpm/archlinux/bind@9.11.2.P1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.2.P1-1"}],"aliases":["CVE-2017-3145"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s9ua-j61v-jbch"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.11.2.P1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374385?format=json","purl":"pkg:alpm/archlinux/bind@9.12.1-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.12.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.12.1.P2-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83448?format=json","vulnerability_id":"VCID-29ng-3xgz-hbh5","summary":"bind: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5736","reference_id":"","reference_type":"","scores":[{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97457","published_at":"2026-04-01T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97476","published_at":"2026-04-09T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97479","published_at":"2026-04-11T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97464","published_at":"2026-04-02T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97475","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5736"},{"reference_url":"https://kb.isc.org/docs/aa-01602","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01602"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0004/"},{"reference_url":"http://www.securityfocus.com/bid/104386","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104386"},{"reference_url":"http://www.securitytracker.com/id/1040941","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040941"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578591","reference_id":"1578591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578591"},{"reference_url":"https://security.archlinux.org/ASA-201805-20","reference_id":"ASA-201805-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-20"},{"reference_url":"https://security.archlinux.org/AVG-706","reference_id":"AVG-706","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-706"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5736","reference_id":"CVE-2018-5736","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374386?format=json","purl":"pkg:alpm/archlinux/bind@9.12.1.P2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1"}],"aliases":["CVE-2018-5736"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29ng-3xgz-hbh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83449?format=json","vulnerability_id":"VCID-5pz4-bxq7-27gh","summary":"bind: Interaction between NSEC aggresive negative caching and the serve-stale feature can cause a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5737","reference_id":"","reference_type":"","scores":[{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.7874","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78791","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78794","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78817","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78748","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78779","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78761","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5737"},{"reference_url":"https://kb.isc.org/docs/aa-01606","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01606"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0004/"},{"reference_url":"http://www.securityfocus.com/bid/104236","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104236"},{"reference_url":"http://www.securitytracker.com/id/1040942","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040942"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578593","reference_id":"1578593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578593"},{"reference_url":"https://security.archlinux.org/ASA-201805-20","reference_id":"ASA-201805-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-20"},{"reference_url":"https://security.archlinux.org/AVG-706","reference_id":"AVG-706","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-706"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5737","reference_id":"CVE-2018-5737","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374386?format=json","purl":"pkg:alpm/archlinux/bind@9.12.1.P2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1"}],"aliases":["CVE-2018-5737"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pz4-bxq7-27gh"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374386?format=json","purl":"pkg:alpm/archlinux/bind@9.12.1.P2-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.12.1.P2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.13.2-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83448?format=json","vulnerability_id":"VCID-29ng-3xgz-hbh5","summary":"bind: Multiple transfers of a zone in quick succession can cause an assertion failure in rbtdb.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5736.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5736","reference_id":"","reference_type":"","scores":[{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97457","published_at":"2026-04-01T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97476","published_at":"2026-04-09T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97479","published_at":"2026-04-11T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97464","published_at":"2026-04-02T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97468","published_at":"2026-04-07T12:55:00Z"},{"value":"0.42906","scoring_system":"epss","scoring_elements":"0.97475","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5736"},{"reference_url":"https://kb.isc.org/docs/aa-01602","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01602"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0004/"},{"reference_url":"http://www.securityfocus.com/bid/104386","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104386"},{"reference_url":"http://www.securitytracker.com/id/1040941","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040941"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578591","reference_id":"1578591","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578591"},{"reference_url":"https://security.archlinux.org/ASA-201805-20","reference_id":"ASA-201805-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-20"},{"reference_url":"https://security.archlinux.org/AVG-706","reference_id":"AVG-706","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-706"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5736","reference_id":"CVE-2018-5736","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5736"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374386?format=json","purl":"pkg:alpm/archlinux/bind@9.12.1.P2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1"}],"aliases":["CVE-2018-5736"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-29ng-3xgz-hbh5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83449?format=json","vulnerability_id":"VCID-5pz4-bxq7-27gh","summary":"bind: Interaction between NSEC aggresive negative caching and the serve-stale feature can cause a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5737.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5737","reference_id":"","reference_type":"","scores":[{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.7874","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78791","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78794","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78817","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.788","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78748","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78779","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01186","scoring_system":"epss","scoring_elements":"0.78761","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5737"},{"reference_url":"https://kb.isc.org/docs/aa-01606","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01606"},{"reference_url":"https://security.netapp.com/advisory/ntap-20180926-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20180926-0004/"},{"reference_url":"http://www.securityfocus.com/bid/104236","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/104236"},{"reference_url":"http://www.securitytracker.com/id/1040942","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1040942"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578593","reference_id":"1578593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1578593"},{"reference_url":"https://security.archlinux.org/ASA-201805-20","reference_id":"ASA-201805-20","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201805-20"},{"reference_url":"https://security.archlinux.org/AVG-706","reference_id":"AVG-706","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-706"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:data_ontap_edge:-:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5737","reference_id":"CVE-2018-5737","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374386?format=json","purl":"pkg:alpm/archlinux/bind@9.12.1.P2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1"}],"aliases":["CVE-2018-5737"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5pz4-bxq7-27gh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.12.1.P2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374383?format=json","purl":"pkg:alpm/archlinux/bind@9.13.0-2","type":"alpm","namespace":"archlinux","name":"bind","version":"9.13.0-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.13.2-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46956?format=json","vulnerability_id":"VCID-3kvk-745c-tfaf","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5738","reference_id":"","reference_type":"","scores":[{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87181","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87235","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87205","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87226","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87233","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87246","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87239","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87191","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87208","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/aa-01616","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01616"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190830-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190830-0002/"},{"reference_url":"http://www.securitytracker.com/id/1041115","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1589616","reference_id":"1589616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1589616"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483","reference_id":"901483","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483"},{"reference_url":"https://security.archlinux.org/AVG-718","reference_id":"AVG-718","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-718"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5738","reference_id":"CVE-2018-5738","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5738"},{"reference_url":"https://security.gentoo.org/glsa/201903-13","reference_id":"GLSA-201903-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-13"},{"reference_url":"https://usn.ubuntu.com/3683-1/","reference_id":"USN-3683-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3683-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374384?format=json","purl":"pkg:alpm/archlinux/bind@9.13.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.2-1"}],"aliases":["CVE-2018-5738"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kvk-745c-tfaf"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.0-2"},{"url":"http://public2.vulnerablecode.io/api/packages/374384?format=json","purl":"pkg:alpm/archlinux/bind@9.13.2-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.13.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.13.7-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46956?format=json","vulnerability_id":"VCID-3kvk-745c-tfaf","summary":"Multiple vulnerabilities have been found in BIND, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5738.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5738","reference_id":"","reference_type":"","scores":[{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87181","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87235","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87205","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87226","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87233","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87246","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87239","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87191","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03303","scoring_system":"epss","scoring_elements":"0.87208","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5738"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/aa-01616","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/aa-01616"},{"reference_url":"https://security.netapp.com/advisory/ntap-20190830-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20190830-0002/"},{"reference_url":"http://www.securitytracker.com/id/1041115","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1041115"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1589616","reference_id":"1589616","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1589616"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483","reference_id":"901483","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=901483"},{"reference_url":"https://security.archlinux.org/AVG-718","reference_id":"AVG-718","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-718"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.3:s2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:a1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:b2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.0:rc3:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.1:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.13.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.12:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5738","reference_id":"CVE-2018-5738","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5738"},{"reference_url":"https://security.gentoo.org/glsa/201903-13","reference_id":"GLSA-201903-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201903-13"},{"reference_url":"https://usn.ubuntu.com/3683-1/","reference_id":"USN-3683-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3683-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374384?format=json","purl":"pkg:alpm/archlinux/bind@9.13.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.2-1"}],"aliases":["CVE-2018-5738"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3kvk-745c-tfaf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372561?format=json","purl":"pkg:alpm/archlinux/bind@9.13.5-5","type":"alpm","namespace":"archlinux","name":"bind","version":"9.13.5-5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.13.7-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77399?format=json","vulnerability_id":"VCID-4sf3-myam-p3bp","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6465.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6465","reference_id":"","reference_type":"","scores":[{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79523","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79571","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79538","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79566","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79573","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79595","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79579","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79529","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79551","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2019-6465","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2019-6465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679304","reference_id":"1679304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679304"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922955","reference_id":"922955","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922955"},{"reference_url":"https://security.archlinux.org/ASA-201902-25","reference_id":"ASA-201902-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-25"},{"reference_url":"https://security.archlinux.org/AVG-915","reference_id":"AVG-915","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-915"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6465","reference_id":"CVE-2019-6465","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3552","reference_id":"RHSA-2019:3552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1061","reference_id":"RHSA-2020:1061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1061"},{"reference_url":"https://usn.ubuntu.com/3893-1/","reference_id":"USN-3893-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-1/"},{"reference_url":"https://usn.ubuntu.com/3893-2/","reference_id":"USN-3893-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372562?format=json","purl":"pkg:alpm/archlinux/bind@9.13.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1"}],"aliases":["CVE-2019-6465"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf3-myam-p3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82769?format=json","vulnerability_id":"VCID-e8xu-cq82-x3bw","summary":"bind: A specially crafted packet can cause named to leak memory","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5744.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5744","reference_id":"","reference_type":"","scores":[{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.88999","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89052","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89047","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89059","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89055","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89022","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2018-5744","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2018-5744"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679299","reference_id":"1679299","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679299"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953","reference_id":"922953","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953"},{"reference_url":"https://security.archlinux.org/ASA-201902-25","reference_id":"ASA-201902-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-25"},{"reference_url":"https://security.archlinux.org/AVG-915","reference_id":"AVG-915","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-915"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5744","reference_id":"CVE-2018-5744","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5744"},{"reference_url":"https://usn.ubuntu.com/3893-1/","reference_id":"USN-3893-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372562?format=json","purl":"pkg:alpm/archlinux/bind@9.13.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1"}],"aliases":["CVE-2018-5744"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8xu-cq82-x3bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77398?format=json","vulnerability_id":"VCID-sna2-5cuy-4fa2","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5745.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5745","reference_id":"","reference_type":"","scores":[{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67215","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67256","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67276","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67262","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67382","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2018-5745","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2018-5745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679303","reference_id":"1679303","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679303"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954","reference_id":"922954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954"},{"reference_url":"https://security.archlinux.org/ASA-201902-25","reference_id":"ASA-201902-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-25"},{"reference_url":"https://security.archlinux.org/AVG-915","reference_id":"AVG-915","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-915"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5745","reference_id":"CVE-2018-5745","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:P"},{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3552","reference_id":"RHSA-2019:3552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1061","reference_id":"RHSA-2020:1061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1061"},{"reference_url":"https://usn.ubuntu.com/3893-1/","reference_id":"USN-3893-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-1/"},{"reference_url":"https://usn.ubuntu.com/3893-2/","reference_id":"USN-3893-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372562?format=json","purl":"pkg:alpm/archlinux/bind@9.13.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1"}],"aliases":["CVE-2018-5745"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sna2-5cuy-4fa2"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.5-5"},{"url":"http://public2.vulnerablecode.io/api/packages/372562?format=json","purl":"pkg:alpm/archlinux/bind@9.13.7-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.13.7-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.14.7-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77399?format=json","vulnerability_id":"VCID-4sf3-myam-p3bp","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6465.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6465.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6465","reference_id":"","reference_type":"","scores":[{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79523","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79571","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79538","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79566","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79573","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79595","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79579","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79529","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0128","scoring_system":"epss","scoring_elements":"0.79551","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2019-6465","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2019-6465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679304","reference_id":"1679304","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679304"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922955","reference_id":"922955","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922955"},{"reference_url":"https://security.archlinux.org/ASA-201902-25","reference_id":"ASA-201902-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-25"},{"reference_url":"https://security.archlinux.org/AVG-915","reference_id":"AVG-915","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-915"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6465","reference_id":"CVE-2019-6465","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6465"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3552","reference_id":"RHSA-2019:3552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1061","reference_id":"RHSA-2020:1061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1061"},{"reference_url":"https://usn.ubuntu.com/3893-1/","reference_id":"USN-3893-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-1/"},{"reference_url":"https://usn.ubuntu.com/3893-2/","reference_id":"USN-3893-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372562?format=json","purl":"pkg:alpm/archlinux/bind@9.13.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1"}],"aliases":["CVE-2019-6465"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4sf3-myam-p3bp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82769?format=json","vulnerability_id":"VCID-e8xu-cq82-x3bw","summary":"bind: A specially crafted packet can cause named to leak memory","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5744.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5744.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5744","reference_id":"","reference_type":"","scores":[{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.88999","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89052","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89024","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89042","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89047","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89059","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89055","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89007","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04441","scoring_system":"epss","scoring_elements":"0.89022","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5744"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2018-5744","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2018-5744"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679299","reference_id":"1679299","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679299"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953","reference_id":"922953","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922953"},{"reference_url":"https://security.archlinux.org/ASA-201902-25","reference_id":"ASA-201902-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-25"},{"reference_url":"https://security.archlinux.org/AVG-915","reference_id":"AVG-915","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-915"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:s1:*:*:supported_preview:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:rc2:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:supported_preview:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:rc1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5744","reference_id":"CVE-2018-5744","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5744"},{"reference_url":"https://usn.ubuntu.com/3893-1/","reference_id":"USN-3893-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372562?format=json","purl":"pkg:alpm/archlinux/bind@9.13.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1"}],"aliases":["CVE-2018-5744"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e8xu-cq82-x3bw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/77398?format=json","vulnerability_id":"VCID-sna2-5cuy-4fa2","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5745.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5745","reference_id":"","reference_type":"","scores":[{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67215","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67242","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67256","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67276","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0053","scoring_system":"epss","scoring_elements":"0.67262","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00533","scoring_system":"epss","scoring_elements":"0.67382","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-5745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-6465"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2018-5745","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2018-5745"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679303","reference_id":"1679303","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1679303"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954","reference_id":"922954","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=922954"},{"reference_url":"https://security.archlinux.org/ASA-201902-25","reference_id":"ASA-201902-25","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-25"},{"reference_url":"https://security.archlinux.org/AVG-915","reference_id":"AVG-915","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-915"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.7:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.10.8:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*","reference_id":"cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.11.5:s3:*:*:*:supported_preview:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:-:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.12.3:p1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*","reference_id":"cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:9.9.3:s1:*:*:*:supported_preview:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5745","reference_id":"CVE-2018-5745","reference_type":"","scores":[{"value":"3.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:S/C:N/I:N/A:P"},{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"},{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-5745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3552","reference_id":"RHSA-2019:3552","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3552"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1061","reference_id":"RHSA-2020:1061","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1061"},{"reference_url":"https://usn.ubuntu.com/3893-1/","reference_id":"USN-3893-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-1/"},{"reference_url":"https://usn.ubuntu.com/3893-2/","reference_id":"USN-3893-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3893-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372562?format=json","purl":"pkg:alpm/archlinux/bind@9.13.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1"}],"aliases":["CVE-2018-5745"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sna2-5cuy-4fa2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.13.7-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374271?format=json","purl":"pkg:alpm/archlinux/bind@9.14.6-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.14.6-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.14.7-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81911?format=json","vulnerability_id":"VCID-7mbz-t9jk-juca","summary":"bind: A flaw in mirror zone validity checking can allow zone data to be spoofed","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6475.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6475","reference_id":"","reference_type":"","scores":[{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70006","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70069","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70057","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70073","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70096","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70033","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2019-6475","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2019-6475"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191024-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20191024-0004/"},{"reference_url":"https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1762914","reference_id":"1762914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1762914"},{"reference_url":"https://security.archlinux.org/AVG-1056","reference_id":"AVG-1056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1056"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6475","reference_id":"CVE-2019-6475","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374272?format=json","purl":"pkg:alpm/archlinux/bind@9.14.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1"}],"aliases":["CVE-2019-6475"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mbz-t9jk-juca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81912?format=json","vulnerability_id":"VCID-cufc-v1hn-jbdn","summary":"bind: An error in QNAME minimization code can cause BIND to exit with an assertion failure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6476.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6476","reference_id":"","reference_type":"","scores":[{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79427","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79476","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79445","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79473","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79481","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79503","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79486","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79458","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6476"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2019-6476","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2019-6476"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191024-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20191024-0004/"},{"reference_url":"https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1762957","reference_id":"1762957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1762957"},{"reference_url":"https://security.archlinux.org/AVG-1056","reference_id":"AVG-1056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1056"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6476","reference_id":"CVE-2019-6476","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374272?format=json","purl":"pkg:alpm/archlinux/bind@9.14.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1"}],"aliases":["CVE-2019-6476"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cufc-v1hn-jbdn"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.6-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374272?format=json","purl":"pkg:alpm/archlinux/bind@9.14.7-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.14.7-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.16.4-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81911?format=json","vulnerability_id":"VCID-7mbz-t9jk-juca","summary":"bind: A flaw in mirror zone validity checking can allow zone data to be spoofed","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6475.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6475","reference_id":"","reference_type":"","scores":[{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70006","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70069","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70009","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70057","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70073","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70096","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70018","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00621","scoring_system":"epss","scoring_elements":"0.70033","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6475"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2019-6475","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2019-6475"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191024-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20191024-0004/"},{"reference_url":"https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1762914","reference_id":"1762914","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1762914"},{"reference_url":"https://security.archlinux.org/AVG-1056","reference_id":"AVG-1056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1056"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6475","reference_id":"CVE-2019-6475","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6475"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374272?format=json","purl":"pkg:alpm/archlinux/bind@9.14.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1"}],"aliases":["CVE-2019-6475"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7mbz-t9jk-juca"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81912?format=json","vulnerability_id":"VCID-cufc-v1hn-jbdn","summary":"bind: An error in QNAME minimization code can cause BIND to exit with an assertion failure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6476.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-6476.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6476","reference_id":"","reference_type":"","scores":[{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79427","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79476","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79445","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79473","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79481","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79503","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79486","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79434","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01269","scoring_system":"epss","scoring_elements":"0.79458","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-6476"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://kb.isc.org/docs/cve-2019-6476","reference_id":"","reference_type":"","scores":[],"url":"https://kb.isc.org/docs/cve-2019-6476"},{"reference_url":"https://security.netapp.com/advisory/ntap-20191024-0004/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20191024-0004/"},{"reference_url":"https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K42238532?utm_source=f5support&amp%3Butm_medium=RSS"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1762957","reference_id":"1762957","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1762957"},{"reference_url":"https://security.archlinux.org/AVG-1056","reference_id":"AVG-1056","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1056"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6476","reference_id":"CVE-2019-6476","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-6476"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374272?format=json","purl":"pkg:alpm/archlinux/bind@9.14.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1"}],"aliases":["CVE-2019-6476"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cufc-v1hn-jbdn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.14.7-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372381?format=json","purl":"pkg:alpm/archlinux/bind@9.16.2-2","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.2-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.16.4-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79771?format=json","vulnerability_id":"VCID-e5ez-2bba-zke3","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8617","reference_id":"","reference_type":"","scores":[{"value":"0.89736","scoring_system":"epss","scoring_elements":"0.99565","published_at":"2026-04-07T12:55:00Z"},{"value":"0.89736","scoring_system":"epss","scoring_elements":"0.99566","published_at":"2026-04-08T12:55:00Z"},{"value":"0.89827","scoring_system":"epss","scoring_elements":"0.99567","published_at":"2026-04-04T12:55:00Z"},{"value":"0.92629","scoring_system":"epss","scoring_elements":"0.99745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92629","scoring_system":"epss","scoring_elements":"0.99746","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836124","reference_id":"1836124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836124"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939","reference_id":"961939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939"},{"reference_url":"https://security.archlinux.org/ASA-202005-13","reference_id":"ASA-202005-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-13"},{"reference_url":"https://security.archlinux.org/AVG-1165","reference_id":"AVG-1165","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1165"},{"reference_url":"https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py","reference_id":"CVE-2020-8617","reference_type":"exploit","scores":[],"url":"https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py","reference_id":"CVE-2020-8617","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2338","reference_id":"RHSA-2020:2338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2344","reference_id":"RHSA-2020:2344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2345","reference_id":"RHSA-2020:2345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2383","reference_id":"RHSA-2020:2383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2404","reference_id":"RHSA-2020:2404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2893","reference_id":"RHSA-2020:2893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3378","reference_id":"RHSA-2020:3378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3379","reference_id":"RHSA-2020:3379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3433","reference_id":"RHSA-2020:3433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3470","reference_id":"RHSA-2020:3470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3471","reference_id":"RHSA-2020:3471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3475","reference_id":"RHSA-2020:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3475"},{"reference_url":"https://usn.ubuntu.com/4365-1/","reference_id":"USN-4365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4365-1/"},{"reference_url":"https://usn.ubuntu.com/4365-2/","reference_id":"USN-4365-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4365-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372382?format=json","purl":"pkg:alpm/archlinux/bind@9.16.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqmy-rkkq-mkgj"},{"vulnerability":"VCID-qknq-wu95-6ba7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1"}],"aliases":["CVE-2020-8617"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5ez-2bba-zke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79770?format=json","vulnerability_id":"VCID-tg21-xnsh-t7c3","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8616.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8616","reference_id":"","reference_type":"","scores":[{"value":"0.1534","scoring_system":"epss","scoring_elements":"0.946","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1534","scoring_system":"epss","scoring_elements":"0.94615","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1534","scoring_system":"epss","scoring_elements":"0.94608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.9537","published_at":"2026-04-08T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.95373","published_at":"2026-04-09T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.95377","published_at":"2026-04-12T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.95363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.9538","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836118","reference_id":"1836118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836118"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939","reference_id":"961939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939"},{"reference_url":"https://security.archlinux.org/ASA-202005-13","reference_id":"ASA-202005-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-13"},{"reference_url":"https://security.archlinux.org/AVG-1165","reference_id":"AVG-1165","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2338","reference_id":"RHSA-2020:2338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2344","reference_id":"RHSA-2020:2344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2345","reference_id":"RHSA-2020:2345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2383","reference_id":"RHSA-2020:2383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2404","reference_id":"RHSA-2020:2404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3272","reference_id":"RHSA-2020:3272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3378","reference_id":"RHSA-2020:3378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3379","reference_id":"RHSA-2020:3379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3433","reference_id":"RHSA-2020:3433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3470","reference_id":"RHSA-2020:3470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3471","reference_id":"RHSA-2020:3471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3475","reference_id":"RHSA-2020:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3475"},{"reference_url":"https://usn.ubuntu.com/4365-1/","reference_id":"USN-4365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4365-1/"},{"reference_url":"https://usn.ubuntu.com/4365-2/","reference_id":"USN-4365-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4365-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372382?format=json","purl":"pkg:alpm/archlinux/bind@9.16.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqmy-rkkq-mkgj"},{"vulnerability":"VCID-qknq-wu95-6ba7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1"}],"aliases":["CVE-2020-8616"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg21-xnsh-t7c3"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.2-2"},{"url":"http://public2.vulnerablecode.io/api/packages/372382?format=json","purl":"pkg:alpm/archlinux/bind@9.16.3-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.3-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.16.4-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81149?format=json","vulnerability_id":"VCID-gqmy-rkkq-mkgj","summary":"bind: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8618.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8618","reference_id":"","reference_type":"","scores":[{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.7965","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79721","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79704","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79656","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79692","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.797","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847242","reference_id":"1847242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847242"},{"reference_url":"https://security.archlinux.org/ASA-202006-13","reference_id":"ASA-202006-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-13"},{"reference_url":"https://security.archlinux.org/AVG-1191","reference_id":"AVG-1191","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1191"},{"reference_url":"https://usn.ubuntu.com/4399-1/","reference_id":"USN-4399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374239?format=json","purl":"pkg:alpm/archlinux/bind@9.16.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1"}],"aliases":["CVE-2020-8618"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqmy-rkkq-mkgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81150?format=json","vulnerability_id":"VCID-qknq-wu95-6ba7","summary":"bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8619.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8619.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8619","reference_id":"","reference_type":"","scores":[{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91367","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91417","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91418","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91373","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91383","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91391","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91409","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847244","reference_id":"1847244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847244"},{"reference_url":"https://security.archlinux.org/ASA-202006-13","reference_id":"ASA-202006-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-13"},{"reference_url":"https://security.archlinux.org/AVG-1191","reference_id":"AVG-1191","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1191"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4500","reference_id":"RHSA-2020:4500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4500"},{"reference_url":"https://usn.ubuntu.com/4399-1/","reference_id":"USN-4399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374239?format=json","purl":"pkg:alpm/archlinux/bind@9.16.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1"}],"aliases":["CVE-2020-8619"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qknq-wu95-6ba7"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79771?format=json","vulnerability_id":"VCID-e5ez-2bba-zke3","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8617.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8617","reference_id":"","reference_type":"","scores":[{"value":"0.89736","scoring_system":"epss","scoring_elements":"0.99565","published_at":"2026-04-07T12:55:00Z"},{"value":"0.89736","scoring_system":"epss","scoring_elements":"0.99566","published_at":"2026-04-08T12:55:00Z"},{"value":"0.89827","scoring_system":"epss","scoring_elements":"0.99567","published_at":"2026-04-04T12:55:00Z"},{"value":"0.92629","scoring_system":"epss","scoring_elements":"0.99745","published_at":"2026-04-13T12:55:00Z"},{"value":"0.92629","scoring_system":"epss","scoring_elements":"0.99746","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8617"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836124","reference_id":"1836124","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836124"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939","reference_id":"961939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939"},{"reference_url":"https://security.archlinux.org/ASA-202005-13","reference_id":"ASA-202005-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-13"},{"reference_url":"https://security.archlinux.org/AVG-1165","reference_id":"AVG-1165","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1165"},{"reference_url":"https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py","reference_id":"CVE-2020-8617","reference_type":"exploit","scores":[],"url":"https://github.com/knqyf263/CVE-2020-8617/blob/92a64e68cf77a5b938e0d9c04524fa6147ccb785/exploit.py"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py","reference_id":"CVE-2020-8617","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/48521.py"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2338","reference_id":"RHSA-2020:2338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2344","reference_id":"RHSA-2020:2344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2345","reference_id":"RHSA-2020:2345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2383","reference_id":"RHSA-2020:2383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2404","reference_id":"RHSA-2020:2404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2893","reference_id":"RHSA-2020:2893","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2893"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3378","reference_id":"RHSA-2020:3378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3379","reference_id":"RHSA-2020:3379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3433","reference_id":"RHSA-2020:3433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3470","reference_id":"RHSA-2020:3470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3471","reference_id":"RHSA-2020:3471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3475","reference_id":"RHSA-2020:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3475"},{"reference_url":"https://usn.ubuntu.com/4365-1/","reference_id":"USN-4365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4365-1/"},{"reference_url":"https://usn.ubuntu.com/4365-2/","reference_id":"USN-4365-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4365-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372382?format=json","purl":"pkg:alpm/archlinux/bind@9.16.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqmy-rkkq-mkgj"},{"vulnerability":"VCID-qknq-wu95-6ba7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1"}],"aliases":["CVE-2020-8617"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e5ez-2bba-zke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79770?format=json","vulnerability_id":"VCID-tg21-xnsh-t7c3","summary":"security update","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8616.json","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8616","reference_id":"","reference_type":"","scores":[{"value":"0.1534","scoring_system":"epss","scoring_elements":"0.946","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1534","scoring_system":"epss","scoring_elements":"0.94615","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1534","scoring_system":"epss","scoring_elements":"0.94608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.9537","published_at":"2026-04-08T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.95373","published_at":"2026-04-09T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.95377","published_at":"2026-04-12T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.95363","published_at":"2026-04-07T12:55:00Z"},{"value":"0.19393","scoring_system":"epss","scoring_elements":"0.9538","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8617"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836118","reference_id":"1836118","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1836118"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939","reference_id":"961939","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961939"},{"reference_url":"https://security.archlinux.org/ASA-202005-13","reference_id":"ASA-202005-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202005-13"},{"reference_url":"https://security.archlinux.org/AVG-1165","reference_id":"AVG-1165","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2338","reference_id":"RHSA-2020:2338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2344","reference_id":"RHSA-2020:2344","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2344"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2345","reference_id":"RHSA-2020:2345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2383","reference_id":"RHSA-2020:2383","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2383"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2404","reference_id":"RHSA-2020:2404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3272","reference_id":"RHSA-2020:3272","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3272"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3378","reference_id":"RHSA-2020:3378","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3378"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3379","reference_id":"RHSA-2020:3379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3433","reference_id":"RHSA-2020:3433","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3433"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3470","reference_id":"RHSA-2020:3470","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3470"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3471","reference_id":"RHSA-2020:3471","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3471"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3475","reference_id":"RHSA-2020:3475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3475"},{"reference_url":"https://usn.ubuntu.com/4365-1/","reference_id":"USN-4365-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4365-1/"},{"reference_url":"https://usn.ubuntu.com/4365-2/","reference_id":"USN-4365-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4365-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372382?format=json","purl":"pkg:alpm/archlinux/bind@9.16.3-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-gqmy-rkkq-mkgj"},{"vulnerability":"VCID-qknq-wu95-6ba7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1"}],"aliases":["CVE-2020-8616"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tg21-xnsh-t7c3"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374239?format=json","purl":"pkg:alpm/archlinux/bind@9.16.4-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.4-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.16.12-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81149?format=json","vulnerability_id":"VCID-gqmy-rkkq-mkgj","summary":"bind: A buffer boundary check assertion in rdataset.c can fail incorrectly during zone transfer","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8618.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8618","reference_id":"","reference_type":"","scores":[{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.7965","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79698","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79721","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79704","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79656","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79678","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.79692","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01297","scoring_system":"epss","scoring_elements":"0.797","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847242","reference_id":"1847242","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847242"},{"reference_url":"https://security.archlinux.org/ASA-202006-13","reference_id":"ASA-202006-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-13"},{"reference_url":"https://security.archlinux.org/AVG-1191","reference_id":"AVG-1191","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1191"},{"reference_url":"https://usn.ubuntu.com/4399-1/","reference_id":"USN-4399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374239?format=json","purl":"pkg:alpm/archlinux/bind@9.16.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1"}],"aliases":["CVE-2020-8618"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gqmy-rkkq-mkgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81150?format=json","vulnerability_id":"VCID-qknq-wu95-6ba7","summary":"bind: asterisk character in an empty non-terminal can cause an assertion failure in rbtdb.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8619.json","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8619.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8619","reference_id":"","reference_type":"","scores":[{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91367","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91417","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91415","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91418","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91373","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91383","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91391","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91403","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06931","scoring_system":"epss","scoring_elements":"0.91409","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8619"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8622"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8623"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8624"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847244","reference_id":"1847244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1847244"},{"reference_url":"https://security.archlinux.org/ASA-202006-13","reference_id":"ASA-202006-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-13"},{"reference_url":"https://security.archlinux.org/AVG-1191","reference_id":"AVG-1191","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1191"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4500","reference_id":"RHSA-2020:4500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4500"},{"reference_url":"https://usn.ubuntu.com/4399-1/","reference_id":"USN-4399-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4399-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374239?format=json","purl":"pkg:alpm/archlinux/bind@9.16.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1"}],"aliases":["CVE-2020-8619"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qknq-wu95-6ba7"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.4-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372181?format=json","purl":"pkg:alpm/archlinux/bind@9.16.11-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.11-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.16.12-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80573?format=json","vulnerability_id":"VCID-4nrz-wm5t-z3g5","summary":"bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8625.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8625.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8625","reference_id":"","reference_type":"","scores":[{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96269","published_at":"2026-04-01T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96301","published_at":"2026-04-09T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96305","published_at":"2026-04-12T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96284","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96297","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928486","reference_id":"1928486","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928486"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004","reference_id":"983004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004"},{"reference_url":"https://security.archlinux.org/ASA-202102-40","reference_id":"ASA-202102-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-40"},{"reference_url":"https://security.archlinux.org/AVG-1589","reference_id":"AVG-1589","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0669","reference_id":"RHSA-2021:0669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0670","reference_id":"RHSA-2021:0670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0671","reference_id":"RHSA-2021:0671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0672","reference_id":"RHSA-2021:0672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0691","reference_id":"RHSA-2021:0691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0692","reference_id":"RHSA-2021:0692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0693","reference_id":"RHSA-2021:0693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0694","reference_id":"RHSA-2021:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0727","reference_id":"RHSA-2021:0727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0922","reference_id":"RHSA-2021:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0922"},{"reference_url":"https://usn.ubuntu.com/4737-1/","reference_id":"USN-4737-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4737-1/"},{"reference_url":"https://usn.ubuntu.com/4737-2/","reference_id":"USN-4737-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4737-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372182?format=json","purl":"pkg:alpm/archlinux/bind@9.16.12-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.12-1"}],"aliases":["CVE-2020-8625"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nrz-wm5t-z3g5"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.11-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372182?format=json","purl":"pkg:alpm/archlinux/bind@9.16.12-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.12-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.16.15-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80573?format=json","vulnerability_id":"VCID-4nrz-wm5t-z3g5","summary":"bind: Buffer overflow in the SPNEGO implementation affecting GSSAPI security policy negotiation","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8625.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8625.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8625","reference_id":"","reference_type":"","scores":[{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96269","published_at":"2026-04-01T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96301","published_at":"2026-04-09T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96305","published_at":"2026-04-12T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96284","published_at":"2026-04-04T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.26304","scoring_system":"epss","scoring_elements":"0.96297","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8625"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928486","reference_id":"1928486","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1928486"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004","reference_id":"983004","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=983004"},{"reference_url":"https://security.archlinux.org/ASA-202102-40","reference_id":"ASA-202102-40","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202102-40"},{"reference_url":"https://security.archlinux.org/AVG-1589","reference_id":"AVG-1589","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1589"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0669","reference_id":"RHSA-2021:0669","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0669"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0670","reference_id":"RHSA-2021:0670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0671","reference_id":"RHSA-2021:0671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0672","reference_id":"RHSA-2021:0672","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0672"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0691","reference_id":"RHSA-2021:0691","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0691"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0692","reference_id":"RHSA-2021:0692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0693","reference_id":"RHSA-2021:0693","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0693"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0694","reference_id":"RHSA-2021:0694","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0727","reference_id":"RHSA-2021:0727","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0727"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0922","reference_id":"RHSA-2021:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0922"},{"reference_url":"https://usn.ubuntu.com/4737-1/","reference_id":"USN-4737-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4737-1/"},{"reference_url":"https://usn.ubuntu.com/4737-2/","reference_id":"USN-4737-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4737-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372182?format=json","purl":"pkg:alpm/archlinux/bind@9.16.12-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.12-1"}],"aliases":["CVE-2020-8625"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4nrz-wm5t-z3g5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.12-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372104?format=json","purl":"pkg:alpm/archlinux/bind@9.16.13-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.13-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.16.15-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80330?format=json","vulnerability_id":"VCID-7kh5-ba54-z3gy","summary":"bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25215","reference_id":"","reference_type":"","scores":[{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81002","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81066","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81086","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81073","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81034","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81062","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81068","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953857","reference_id":"1953857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953857"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987742","reference_id":"987742","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987742"},{"reference_url":"https://security.archlinux.org/ASA-202104-10","reference_id":"ASA-202104-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-10"},{"reference_url":"https://security.archlinux.org/AVG-1890","reference_id":"AVG-1890","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1468","reference_id":"RHSA-2021:1468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1469","reference_id":"RHSA-2021:1469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1475","reference_id":"RHSA-2021:1475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1476","reference_id":"RHSA-2021:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1477","reference_id":"RHSA-2021:1477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1478","reference_id":"RHSA-2021:1478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1479","reference_id":"RHSA-2021:1479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1989","reference_id":"RHSA-2021:1989","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1989"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2024","reference_id":"RHSA-2021:2024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2028","reference_id":"RHSA-2021:2028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2028"},{"reference_url":"https://usn.ubuntu.com/4929-1/","reference_id":"USN-4929-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4929-1/"},{"reference_url":"https://usn.ubuntu.com/7739-1/","reference_id":"USN-7739-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7739-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372105?format=json","purl":"pkg:alpm/archlinux/bind@9.16.15-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1"}],"aliases":["CVE-2021-25215"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh5-ba54-z3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80329?format=json","vulnerability_id":"VCID-pjk7-r6yh-ufak","summary":"bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25214.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25214","reference_id":"","reference_type":"","scores":[{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73117","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73196","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73177","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73127","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73123","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73158","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73172","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953849","reference_id":"1953849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953849"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987741","reference_id":"987741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987741"},{"reference_url":"https://security.archlinux.org/ASA-202104-10","reference_id":"ASA-202104-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-10"},{"reference_url":"https://security.archlinux.org/AVG-1890","reference_id":"AVG-1890","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3325","reference_id":"RHSA-2021:3325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4384","reference_id":"RHSA-2021:4384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4384"},{"reference_url":"https://usn.ubuntu.com/4929-1/","reference_id":"USN-4929-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4929-1/"},{"reference_url":"https://usn.ubuntu.com/7739-1/","reference_id":"USN-7739-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7739-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372105?format=json","purl":"pkg:alpm/archlinux/bind@9.16.15-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1"}],"aliases":["CVE-2021-25214"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjk7-r6yh-ufak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80331?format=json","vulnerability_id":"VCID-rd8n-tcus-zyg3","summary":"bind: Vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25216.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25216","reference_id":"","reference_type":"","scores":[{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96416","published_at":"2026-04-01T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.9645","published_at":"2026-04-13T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96443","published_at":"2026-04-09T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96447","published_at":"2026-04-12T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96423","published_at":"2026-04-02T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96427","published_at":"2026-04-04T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96431","published_at":"2026-04-07T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96439","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953872","reference_id":"1953872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953872"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743","reference_id":"987743","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743"},{"reference_url":"https://security.archlinux.org/ASA-202104-10","reference_id":"ASA-202104-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-10"},{"reference_url":"https://security.archlinux.org/AVG-1890","reference_id":"AVG-1890","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1890"},{"reference_url":"https://usn.ubuntu.com/4929-1/","reference_id":"USN-4929-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4929-1/"},{"reference_url":"https://usn.ubuntu.com/7739-1/","reference_id":"USN-7739-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7739-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372105?format=json","purl":"pkg:alpm/archlinux/bind@9.16.15-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1"}],"aliases":["CVE-2021-25216"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8n-tcus-zyg3"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.13-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372105?format=json","purl":"pkg:alpm/archlinux/bind@9.16.15-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.15-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.16.20-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80330?format=json","vulnerability_id":"VCID-7kh5-ba54-z3gy","summary":"bind: An assertion check can fail while answering queries for DNAME records that require the DNAME to be processed to resolve itself","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25215.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25215","reference_id":"","reference_type":"","scores":[{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81002","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81066","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81086","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81073","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81011","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81035","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81034","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81062","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01493","scoring_system":"epss","scoring_elements":"0.81068","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953857","reference_id":"1953857","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953857"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987742","reference_id":"987742","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987742"},{"reference_url":"https://security.archlinux.org/ASA-202104-10","reference_id":"ASA-202104-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-10"},{"reference_url":"https://security.archlinux.org/AVG-1890","reference_id":"AVG-1890","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1468","reference_id":"RHSA-2021:1468","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1468"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1469","reference_id":"RHSA-2021:1469","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1469"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1475","reference_id":"RHSA-2021:1475","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1475"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1476","reference_id":"RHSA-2021:1476","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1476"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1477","reference_id":"RHSA-2021:1477","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1477"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1478","reference_id":"RHSA-2021:1478","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1478"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1479","reference_id":"RHSA-2021:1479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1989","reference_id":"RHSA-2021:1989","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1989"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2024","reference_id":"RHSA-2021:2024","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2024"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2028","reference_id":"RHSA-2021:2028","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2028"},{"reference_url":"https://usn.ubuntu.com/4929-1/","reference_id":"USN-4929-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4929-1/"},{"reference_url":"https://usn.ubuntu.com/7739-1/","reference_id":"USN-7739-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7739-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372105?format=json","purl":"pkg:alpm/archlinux/bind@9.16.15-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1"}],"aliases":["CVE-2021-25215"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7kh5-ba54-z3gy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80329?format=json","vulnerability_id":"VCID-pjk7-r6yh-ufak","summary":"bind: Broken inbound incremental zone update (IXFR) can cause named to terminate unexpectedly","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25214.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25214.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25214","reference_id":"","reference_type":"","scores":[{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73117","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73171","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73196","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73177","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73127","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73123","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73158","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00751","scoring_system":"epss","scoring_elements":"0.73172","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953849","reference_id":"1953849","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953849"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987741","reference_id":"987741","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987741"},{"reference_url":"https://security.archlinux.org/ASA-202104-10","reference_id":"ASA-202104-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-10"},{"reference_url":"https://security.archlinux.org/AVG-1890","reference_id":"AVG-1890","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1890"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3325","reference_id":"RHSA-2021:3325","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3325"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4384","reference_id":"RHSA-2021:4384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4384"},{"reference_url":"https://usn.ubuntu.com/4929-1/","reference_id":"USN-4929-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4929-1/"},{"reference_url":"https://usn.ubuntu.com/7739-1/","reference_id":"USN-7739-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7739-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372105?format=json","purl":"pkg:alpm/archlinux/bind@9.16.15-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1"}],"aliases":["CVE-2021-25214"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pjk7-r6yh-ufak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80331?format=json","vulnerability_id":"VCID-rd8n-tcus-zyg3","summary":"bind: Vulnerability in BIND's GSSAPI security policy negotiation can be targeted by a buffer overflow attack","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25216.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25216.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25216","reference_id":"","reference_type":"","scores":[{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96416","published_at":"2026-04-01T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.9645","published_at":"2026-04-13T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96443","published_at":"2026-04-09T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96447","published_at":"2026-04-12T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96423","published_at":"2026-04-02T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96427","published_at":"2026-04-04T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96431","published_at":"2026-04-07T12:55:00Z"},{"value":"0.27744","scoring_system":"epss","scoring_elements":"0.96439","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25216"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25214"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25215"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25216"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953872","reference_id":"1953872","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1953872"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743","reference_id":"987743","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987743"},{"reference_url":"https://security.archlinux.org/ASA-202104-10","reference_id":"ASA-202104-10","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202104-10"},{"reference_url":"https://security.archlinux.org/AVG-1890","reference_id":"AVG-1890","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1890"},{"reference_url":"https://usn.ubuntu.com/4929-1/","reference_id":"USN-4929-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4929-1/"},{"reference_url":"https://usn.ubuntu.com/7739-1/","reference_id":"USN-7739-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7739-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372105?format=json","purl":"pkg:alpm/archlinux/bind@9.16.15-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1"}],"aliases":["CVE-2021-25216"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rd8n-tcus-zyg3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.15-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373524?format=json","purl":"pkg:alpm/archlinux/bind@9.16.19-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.19-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.16.20-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80079?format=json","vulnerability_id":"VCID-x9g2-pnfe-qyhh","summary":"bind: Too strict assertion check could be triggered when responses require UDP fragmentation if RRL is in use","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25218.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25218.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25218","reference_id":"","reference_type":"","scores":[{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68945","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.6901","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69054","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.6904","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68963","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68983","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68962","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69013","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69032","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25218"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995312","reference_id":"1995312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995312"},{"reference_url":"https://security.archlinux.org/AVG-2303","reference_id":"AVG-2303","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373525?format=json","purl":"pkg:alpm/archlinux/bind@9.16.20-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.20-1"}],"aliases":["CVE-2021-25218"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9g2-pnfe-qyhh"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.19-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373525?format=json","purl":"pkg:alpm/archlinux/bind@9.16.20-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.20-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.16.22-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80079?format=json","vulnerability_id":"VCID-x9g2-pnfe-qyhh","summary":"bind: Too strict assertion check could be triggered when responses require UDP fragmentation if RRL is in use","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25218.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25218.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25218","reference_id":"","reference_type":"","scores":[{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68945","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.6901","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69054","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.6904","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68963","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68983","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68962","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69013","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69032","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25218"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995312","reference_id":"1995312","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1995312"},{"reference_url":"https://security.archlinux.org/AVG-2303","reference_id":"AVG-2303","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2303"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373525?format=json","purl":"pkg:alpm/archlinux/bind@9.16.20-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.20-1"}],"aliases":["CVE-2021-25218"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x9g2-pnfe-qyhh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.20-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373406?format=json","purl":"pkg:alpm/archlinux/bind@9.16.21-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.21-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.16.22-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49232?format=json","vulnerability_id":"VCID-8k3p-761z-f3e3","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25219.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25219","reference_id":"","reference_type":"","scores":[{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76379","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76383","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76412","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76427","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.7644","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77425","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77445","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2017636","reference_id":"2017636","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2017636"},{"reference_url":"https://security.archlinux.org/ASA-202110-12","reference_id":"ASA-202110-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-12"},{"reference_url":"https://security.archlinux.org/AVG-2502","reference_id":"AVG-2502","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2502"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2092","reference_id":"RHSA-2022:2092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2092"},{"reference_url":"https://usn.ubuntu.com/5126-1/","reference_id":"USN-5126-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5126-1/"},{"reference_url":"https://usn.ubuntu.com/5126-2/","reference_id":"USN-5126-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5126-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373407?format=json","purl":"pkg:alpm/archlinux/bind@9.16.22-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.22-1"}],"aliases":["CVE-2021-25219"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8k3p-761z-f3e3"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.21-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373407?format=json","purl":"pkg:alpm/archlinux/bind@9.16.22-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.16.22-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.18.1-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49232?format=json","vulnerability_id":"VCID-8k3p-761z-f3e3","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25219.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25219.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25219","reference_id":"","reference_type":"","scores":[{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76379","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76394","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76383","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76412","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.76427","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00957","scoring_system":"epss","scoring_elements":"0.7644","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77425","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77421","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01039","scoring_system":"epss","scoring_elements":"0.77445","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25219"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25219"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2017636","reference_id":"2017636","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2017636"},{"reference_url":"https://security.archlinux.org/ASA-202110-12","reference_id":"ASA-202110-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202110-12"},{"reference_url":"https://security.archlinux.org/AVG-2502","reference_id":"AVG-2502","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2502"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2092","reference_id":"RHSA-2022:2092","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2092"},{"reference_url":"https://usn.ubuntu.com/5126-1/","reference_id":"USN-5126-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5126-1/"},{"reference_url":"https://usn.ubuntu.com/5126-2/","reference_id":"USN-5126-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5126-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373407?format=json","purl":"pkg:alpm/archlinux/bind@9.16.22-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.22-1"}],"aliases":["CVE-2021-25219"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8k3p-761z-f3e3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.16.22-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371798?format=json","purl":"pkg:alpm/archlinux/bind@9.18.0-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.18.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.18.1-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49233?format=json","vulnerability_id":"VCID-67zf-a3r9-wqcv","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25220.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25220","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28459","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2855","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29013","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29079","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29153","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29202","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064512","reference_id":"2064512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064512"},{"reference_url":"https://security.archlinux.org/ASA-202204-5","reference_id":"ASA-202204-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-5"},{"reference_url":"https://security.archlinux.org/AVG-2661","reference_id":"AVG-2661","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2661"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7643","reference_id":"RHSA-2022:7643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7790","reference_id":"RHSA-2022:7790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8068","reference_id":"RHSA-2022:8068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8385","reference_id":"RHSA-2022:8385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0402","reference_id":"RHSA-2023:0402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2720","reference_id":"RHSA-2024:2720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21740","reference_id":"RHSA-2025:21740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21741","reference_id":"RHSA-2025:21741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21889","reference_id":"RHSA-2025:21889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22168","reference_id":"RHSA-2025:22168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23414","reference_id":"RHSA-2025:23414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23414"},{"reference_url":"https://usn.ubuntu.com/5332-1/","reference_id":"USN-5332-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5332-1/"},{"reference_url":"https://usn.ubuntu.com/5332-2/","reference_id":"USN-5332-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5332-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"}],"aliases":["CVE-2021-25220"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67zf-a3r9-wqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79582?format=json","vulnerability_id":"VCID-b3u2-wjzm-duhc","summary":"bind: When chasing DS records, a timed-out or artificially delayed fetch could cause 'named' to crash while resuming a DS lookup","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0667.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0667","reference_id":"","reference_type":"","scores":[{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71825","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71834","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71865","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71877","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0667"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064515","reference_id":"2064515","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064515"},{"reference_url":"https://security.archlinux.org/ASA-202204-5","reference_id":"ASA-202204-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-5"},{"reference_url":"https://security.archlinux.org/AVG-2661","reference_id":"AVG-2661","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"}],"aliases":["CVE-2022-0667"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3u2-wjzm-duhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79581?format=json","vulnerability_id":"VCID-x4bu-4ex7-37cd","summary":"bind: Lookups involving a DNAME could trigger an assertion failure when 'synth-from-dnssec' was enabled (which is the default)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0635","reference_id":"","reference_type":"","scores":[{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73649","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73724","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73706","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73658","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73682","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.7369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73703","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064514","reference_id":"2064514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064514"},{"reference_url":"https://security.archlinux.org/ASA-202204-5","reference_id":"ASA-202204-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-5"},{"reference_url":"https://security.archlinux.org/AVG-2661","reference_id":"AVG-2661","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"}],"aliases":["CVE-2022-0635"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4bu-4ex7-37cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49234?format=json","vulnerability_id":"VCID-zgnn-ckqt-43fq","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0396.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0396.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0396","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28578","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2853","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28623","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28579","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28665","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2871","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28516","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28581","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28621","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064513","reference_id":"2064513","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064513"},{"reference_url":"https://security.archlinux.org/ASA-202204-5","reference_id":"ASA-202204-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-5"},{"reference_url":"https://security.archlinux.org/AVG-2661","reference_id":"AVG-2661","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2661"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7643","reference_id":"RHSA-2022:7643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8068","reference_id":"RHSA-2022:8068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8068"},{"reference_url":"https://usn.ubuntu.com/5332-1/","reference_id":"USN-5332-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5332-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"}],"aliases":["CVE-2022-0396"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgnn-ckqt-43fq"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.18.1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.18.3-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49233?format=json","vulnerability_id":"VCID-67zf-a3r9-wqcv","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25220.json","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-25220.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25220","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28459","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2851","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2855","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28551","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28509","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29013","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29079","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29153","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00108","scoring_system":"epss","scoring_elements":"0.29202","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-25220"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-25220"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064512","reference_id":"2064512","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064512"},{"reference_url":"https://security.archlinux.org/ASA-202204-5","reference_id":"ASA-202204-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-5"},{"reference_url":"https://security.archlinux.org/AVG-2661","reference_id":"AVG-2661","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2661"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7643","reference_id":"RHSA-2022:7643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7790","reference_id":"RHSA-2022:7790","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7790"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8068","reference_id":"RHSA-2022:8068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8068"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8385","reference_id":"RHSA-2022:8385","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8385"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0402","reference_id":"RHSA-2023:0402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2720","reference_id":"RHSA-2024:2720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2720"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21740","reference_id":"RHSA-2025:21740","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21740"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21741","reference_id":"RHSA-2025:21741","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21741"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:21889","reference_id":"RHSA-2025:21889","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:21889"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:22168","reference_id":"RHSA-2025:22168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:22168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:23414","reference_id":"RHSA-2025:23414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:23414"},{"reference_url":"https://usn.ubuntu.com/5332-1/","reference_id":"USN-5332-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5332-1/"},{"reference_url":"https://usn.ubuntu.com/5332-2/","reference_id":"USN-5332-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5332-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"}],"aliases":["CVE-2021-25220"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-67zf-a3r9-wqcv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79582?format=json","vulnerability_id":"VCID-b3u2-wjzm-duhc","summary":"bind: When chasing DS records, a timed-out or artificially delayed fetch could cause 'named' to crash while resuming a DS lookup","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0667.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0667.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0667","reference_id":"","reference_type":"","scores":[{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71825","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71866","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71883","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71834","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71853","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71827","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71865","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00694","scoring_system":"epss","scoring_elements":"0.71877","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0667"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064515","reference_id":"2064515","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064515"},{"reference_url":"https://security.archlinux.org/ASA-202204-5","reference_id":"ASA-202204-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-5"},{"reference_url":"https://security.archlinux.org/AVG-2661","reference_id":"AVG-2661","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"}],"aliases":["CVE-2022-0667"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b3u2-wjzm-duhc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79581?format=json","vulnerability_id":"VCID-x4bu-4ex7-37cd","summary":"bind: Lookups involving a DNAME could trigger an assertion failure when 'synth-from-dnssec' was enabled (which is the default)","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0635","reference_id":"","reference_type":"","scores":[{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73649","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73724","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73706","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73658","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73682","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73654","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.7369","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00781","scoring_system":"epss","scoring_elements":"0.73703","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064514","reference_id":"2064514","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064514"},{"reference_url":"https://security.archlinux.org/ASA-202204-5","reference_id":"ASA-202204-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-5"},{"reference_url":"https://security.archlinux.org/AVG-2661","reference_id":"AVG-2661","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"}],"aliases":["CVE-2022-0635"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4bu-4ex7-37cd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49234?format=json","vulnerability_id":"VCID-zgnn-ckqt-43fq","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0396.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-0396.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0396","reference_id":"","reference_type":"","scores":[{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28578","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2853","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28623","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28579","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28665","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.2871","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28516","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28581","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00105","scoring_system":"epss","scoring_elements":"0.28621","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0396"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0396"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064513","reference_id":"2064513","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2064513"},{"reference_url":"https://security.archlinux.org/ASA-202204-5","reference_id":"ASA-202204-5","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202204-5"},{"reference_url":"https://security.archlinux.org/AVG-2661","reference_id":"AVG-2661","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2661"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:7643","reference_id":"RHSA-2022:7643","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:7643"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8068","reference_id":"RHSA-2022:8068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8068"},{"reference_url":"https://usn.ubuntu.com/5332-1/","reference_id":"USN-5332-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5332-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371799?format=json","purl":"pkg:alpm/archlinux/bind@9.18.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"}],"aliases":["CVE-2022-0396"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zgnn-ckqt-43fq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371758?format=json","purl":"pkg:alpm/archlinux/bind@9.18.2-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.18.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.18.3-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79417?format=json","vulnerability_id":"VCID-qhg8-95mf-aufj","summary":"bind: Destroying a TLS session early causes assertion failure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1183.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1183","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60098","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60175","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60201","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.6017","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60234","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60241","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60224","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087575","reference_id":"2087575","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087575"},{"reference_url":"https://security.archlinux.org/AVG-2727","reference_id":"AVG-2727","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2727"},{"reference_url":"https://usn.ubuntu.com/5429-1/","reference_id":"USN-5429-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5429-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371759?format=json","purl":"pkg:alpm/archlinux/bind@9.18.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.3-1"}],"aliases":["CVE-2022-1183"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhg8-95mf-aufj"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371759?format=json","purl":"pkg:alpm/archlinux/bind@9.18.3-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.18.3-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.18.7-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79417?format=json","vulnerability_id":"VCID-qhg8-95mf-aufj","summary":"bind: Destroying a TLS session early causes assertion failure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1183.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-1183.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1183","reference_id":"","reference_type":"","scores":[{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60098","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60175","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60201","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.6017","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60219","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60234","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60241","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00392","scoring_system":"epss","scoring_elements":"0.60224","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-1183"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087575","reference_id":"2087575","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2087575"},{"reference_url":"https://security.archlinux.org/AVG-2727","reference_id":"AVG-2727","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2727"},{"reference_url":"https://usn.ubuntu.com/5429-1/","reference_id":"USN-5429-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5429-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371759?format=json","purl":"pkg:alpm/archlinux/bind@9.18.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.3-1"}],"aliases":["CVE-2022-1183"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhg8-95mf-aufj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371066?format=json","purl":"pkg:alpm/archlinux/bind@9.18.6-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.18.6-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.18.7-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49240?format=json","vulnerability_id":"VCID-hb26-udtw-6uhy","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38178","reference_id":"","reference_type":"","scores":[{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80593","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80545","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80567","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80588","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80597","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80614","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80601","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38178"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128602","reference_id":"2128602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128602"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/21/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/09/21/3"},{"reference_url":"https://security.archlinux.org/AVG-2811","reference_id":"AVG-2811","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2811"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/","reference_id":"CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"},{"reference_url":"https://kb.isc.org/docs/cve-2022-38178","reference_id":"cve-2022-38178","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://kb.isc.org/docs/cve-2022-38178"},{"reference_url":"https://www.debian.org/security/2022/dsa-5235","reference_id":"dsa-5235","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://www.debian.org/security/2022/dsa-5235"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/","reference_id":"MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221228-0009/","reference_id":"ntap-20221228-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221228-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6763","reference_id":"RHSA-2022:6763","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6764","reference_id":"RHSA-2022:6764","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6764"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6765","reference_id":"RHSA-2022:6765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6778","reference_id":"RHSA-2022:6778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6779","reference_id":"RHSA-2022:6779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6780","reference_id":"RHSA-2022:6780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6781","reference_id":"RHSA-2022:6781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8598","reference_id":"RHSA-2022:8598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8598"},{"reference_url":"https://usn.ubuntu.com/5626-1/","reference_id":"USN-5626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5626-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/","reference_id":"YZJQNUASODNVAWZV6STKG5SD6XIJ446S","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371067?format=json","purl":"pkg:alpm/archlinux/bind@9.18.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1"}],"aliases":["CVE-2022-38178"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hb26-udtw-6uhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49235?format=json","vulnerability_id":"VCID-kpsw-dq9w-pkdr","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2795.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2795","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65706","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65669","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65699","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65665","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65716","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6575","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65735","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128584","reference_id":"2128584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128584"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/21/3","reference_id":"3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/09/21/3"},{"reference_url":"https://security.archlinux.org/AVG-2811","reference_id":"AVG-2811","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2811"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/","reference_id":"CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"},{"reference_url":"https://kb.isc.org/docs/cve-2022-2795","reference_id":"cve-2022-2795","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://kb.isc.org/docs/cve-2022-2795"},{"reference_url":"https://www.debian.org/security/2022/dsa-5235","reference_id":"dsa-5235","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://www.debian.org/security/2022/dsa-5235"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/","reference_id":"MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0402","reference_id":"RHSA-2023:0402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2261","reference_id":"RHSA-2023:2261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2792","reference_id":"RHSA-2023:2792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3002","reference_id":"RHSA-2023:3002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2720","reference_id":"RHSA-2024:2720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2720"},{"reference_url":"https://usn.ubuntu.com/5626-1/","reference_id":"USN-5626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5626-1/"},{"reference_url":"https://usn.ubuntu.com/5626-2/","reference_id":"USN-5626-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5626-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/","reference_id":"YZJQNUASODNVAWZV6STKG5SD6XIJ446S","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371067?format=json","purl":"pkg:alpm/archlinux/bind@9.18.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1"}],"aliases":["CVE-2022-2795"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpsw-dq9w-pkdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49238?format=json","vulnerability_id":"VCID-rgz6-urkq-ybch","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3080.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3080","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.292","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29378","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.2919","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29254","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29295","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29298","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29252","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128600","reference_id":"2128600","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128600"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/21/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/09/21/3"},{"reference_url":"https://security.archlinux.org/AVG-2811","reference_id":"AVG-2811","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2811"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/","reference_id":"CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"},{"reference_url":"https://kb.isc.org/docs/cve-2022-3080","reference_id":"cve-2022-3080","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://kb.isc.org/docs/cve-2022-3080"},{"reference_url":"https://www.debian.org/security/2022/dsa-5235","reference_id":"dsa-5235","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://www.debian.org/security/2022/dsa-5235"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/","reference_id":"MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0002/","reference_id":"ntap-20240621-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240621-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6763","reference_id":"RHSA-2022:6763","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6781","reference_id":"RHSA-2022:6781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6781"},{"reference_url":"https://usn.ubuntu.com/5626-1/","reference_id":"USN-5626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5626-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/","reference_id":"YZJQNUASODNVAWZV6STKG5SD6XIJ446S","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371067?format=json","purl":"pkg:alpm/archlinux/bind@9.18.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1"}],"aliases":["CVE-2022-3080"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgz6-urkq-ybch"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.6-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371067?format=json","purl":"pkg:alpm/archlinux/bind@9.18.7-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.18.7-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"9.20.9-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49240?format=json","vulnerability_id":"VCID-hb26-udtw-6uhy","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-38178.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38178","reference_id":"","reference_type":"","scores":[{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80593","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80545","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80567","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80559","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80588","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80597","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80614","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01421","scoring_system":"epss","scoring_elements":"0.80601","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-38178"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128602","reference_id":"2128602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128602"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/21/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/09/21/3"},{"reference_url":"https://security.archlinux.org/AVG-2811","reference_id":"AVG-2811","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2811"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/","reference_id":"CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"},{"reference_url":"https://kb.isc.org/docs/cve-2022-38178","reference_id":"cve-2022-38178","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://kb.isc.org/docs/cve-2022-38178"},{"reference_url":"https://www.debian.org/security/2022/dsa-5235","reference_id":"dsa-5235","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://www.debian.org/security/2022/dsa-5235"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/","reference_id":"MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20221228-0009/","reference_id":"ntap-20221228-0009","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://security.netapp.com/advisory/ntap-20221228-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6763","reference_id":"RHSA-2022:6763","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6764","reference_id":"RHSA-2022:6764","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6764"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6765","reference_id":"RHSA-2022:6765","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6765"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6778","reference_id":"RHSA-2022:6778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6779","reference_id":"RHSA-2022:6779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6779"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6780","reference_id":"RHSA-2022:6780","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6780"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6781","reference_id":"RHSA-2022:6781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6781"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:8598","reference_id":"RHSA-2022:8598","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:8598"},{"reference_url":"https://usn.ubuntu.com/5626-1/","reference_id":"USN-5626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5626-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/","reference_id":"YZJQNUASODNVAWZV6STKG5SD6XIJ446S","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T15:22:52Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371067?format=json","purl":"pkg:alpm/archlinux/bind@9.18.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1"}],"aliases":["CVE-2022-38178"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hb26-udtw-6uhy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49235?format=json","vulnerability_id":"VCID-kpsw-dq9w-pkdr","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2795.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-2795.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2795","reference_id":"","reference_type":"","scores":[{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65706","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65669","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65699","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65665","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65716","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65728","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.6575","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00493","scoring_system":"epss","scoring_elements":"0.65735","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128584","reference_id":"2128584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128584"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/21/3","reference_id":"3","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/09/21/3"},{"reference_url":"https://security.archlinux.org/AVG-2811","reference_id":"AVG-2811","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2811"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/","reference_id":"CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"},{"reference_url":"https://kb.isc.org/docs/cve-2022-2795","reference_id":"cve-2022-2795","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://kb.isc.org/docs/cve-2022-2795"},{"reference_url":"https://www.debian.org/security/2022/dsa-5235","reference_id":"dsa-5235","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://www.debian.org/security/2022/dsa-5235"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/","reference_id":"MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html","reference_id":"msg00007.html","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/10/msg00007.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:0402","reference_id":"RHSA-2023:0402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:0402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2261","reference_id":"RHSA-2023:2261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:2792","reference_id":"RHSA-2023:2792","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:2792"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:3002","reference_id":"RHSA-2023:3002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:3002"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:2720","reference_id":"RHSA-2024:2720","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:2720"},{"reference_url":"https://usn.ubuntu.com/5626-1/","reference_id":"USN-5626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5626-1/"},{"reference_url":"https://usn.ubuntu.com/5626-2/","reference_id":"USN-5626-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5626-2/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/","reference_id":"YZJQNUASODNVAWZV6STKG5SD6XIJ446S","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-12T17:20:53Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371067?format=json","purl":"pkg:alpm/archlinux/bind@9.18.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1"}],"aliases":["CVE-2022-2795"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kpsw-dq9w-pkdr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49238?format=json","vulnerability_id":"VCID-rgz6-urkq-ybch","summary":"Multiple vulnerabilities have been discovered in ISC BIND, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3080.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3080.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3080","reference_id":"","reference_type":"","scores":[{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.292","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29328","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29378","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.2919","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29254","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29295","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29298","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00109","scoring_system":"epss","scoring_elements":"0.29252","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-3080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3080"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38177"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-38178"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128600","reference_id":"2128600","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2128600"},{"reference_url":"http://www.openwall.com/lists/oss-security/2022/09/21/3","reference_id":"3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"http://www.openwall.com/lists/oss-security/2022/09/21/3"},{"reference_url":"https://security.archlinux.org/AVG-2811","reference_id":"AVG-2811","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2811"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/","reference_id":"CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CV4GQWBPF7Y52J2FA24U6UMHQAOXZEF7/"},{"reference_url":"https://kb.isc.org/docs/cve-2022-3080","reference_id":"cve-2022-3080","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://kb.isc.org/docs/cve-2022-3080"},{"reference_url":"https://www.debian.org/security/2022/dsa-5235","reference_id":"dsa-5235","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://www.debian.org/security/2022/dsa-5235"},{"reference_url":"https://security.gentoo.org/glsa/202210-25","reference_id":"GLSA-202210-25","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://security.gentoo.org/glsa/202210-25"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/","reference_id":"MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MRHB6J4Z7BKH4HPEKG5D35QGRD6ANNMT/"},{"reference_url":"https://security.netapp.com/advisory/ntap-20240621-0002/","reference_id":"ntap-20240621-0002","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://security.netapp.com/advisory/ntap-20240621-0002/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6763","reference_id":"RHSA-2022:6763","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6763"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:6781","reference_id":"RHSA-2022:6781","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:6781"},{"reference_url":"https://usn.ubuntu.com/5626-1/","reference_id":"USN-5626-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5626-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/","reference_id":"YZJQNUASODNVAWZV6STKG5SD6XIJ446S","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-06-26T19:18:15Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YZJQNUASODNVAWZV6STKG5SD6XIJ446S/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371067?format=json","purl":"pkg:alpm/archlinux/bind@9.18.7-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1"}],"aliases":["CVE-2022-3080"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgz6-urkq-ybch"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.18.7-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371641?format=json","purl":"pkg:alpm/archlinux/bind@9.20.8-2","type":"alpm","namespace":"archlinux","name":"bind","version":"9.20.8-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"9.20.9-1","latest_non_vulnerable_version":"9.20.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69524?format=json","vulnerability_id":"VCID-nw9j-ggq9-uqaq","summary":"bind: DNS message with invalid TSIG causes an assertion failure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40775.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-40775","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33915","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33884","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33769","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39845","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39873","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39887","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39896","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-40775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367442","reference_id":"2367442","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367442"},{"reference_url":"https://security.archlinux.org/ASA-202505-14","reference_id":"ASA-202505-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202505-14"},{"reference_url":"https://security.archlinux.org/AVG-2881","reference_id":"AVG-2881","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2881"},{"reference_url":"https://kb.isc.org/docs/cve-2025-40775","reference_id":"cve-2025-40775","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-21T13:19:58Z/"}],"url":"https://kb.isc.org/docs/cve-2025-40775"},{"reference_url":"https://usn.ubuntu.com/7526-1/","reference_id":"USN-7526-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7526-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371642?format=json","purl":"pkg:alpm/archlinux/bind@9.20.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.20.9-1"}],"aliases":["CVE-2025-40775"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nw9j-ggq9-uqaq"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.20.8-2"},{"url":"http://public2.vulnerablecode.io/api/packages/371642?format=json","purl":"pkg:alpm/archlinux/bind@9.20.9-1","type":"alpm","namespace":"archlinux","name":"bind","version":"9.20.9-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/69524?format=json","vulnerability_id":"VCID-nw9j-ggq9-uqaq","summary":"bind: DNS message with invalid TSIG causes an assertion failure","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40775.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-40775.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-40775","reference_id":"","reference_type":"","scores":[{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33915","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33884","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00138","scoring_system":"epss","scoring_elements":"0.33769","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39862","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39845","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39873","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39887","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39896","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-40775"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367442","reference_id":"2367442","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2367442"},{"reference_url":"https://security.archlinux.org/ASA-202505-14","reference_id":"ASA-202505-14","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202505-14"},{"reference_url":"https://security.archlinux.org/AVG-2881","reference_id":"AVG-2881","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2881"},{"reference_url":"https://kb.isc.org/docs/cve-2025-40775","reference_id":"cve-2025-40775","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-21T13:19:58Z/"}],"url":"https://kb.isc.org/docs/cve-2025-40775"},{"reference_url":"https://usn.ubuntu.com/7526-1/","reference_id":"USN-7526-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7526-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371642?format=json","purl":"pkg:alpm/archlinux/bind@9.20.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.20.9-1"}],"aliases":["CVE-2025-40775"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nw9j-ggq9-uqaq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bind@9.20.9-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372547?format=json","purl":"pkg:alpm/archlinux/binutils@2.26.0-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.26.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.28.0-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60872?format=json","vulnerability_id":"VCID-2p9v-kf9t-b7fs","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7224.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7224","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52812","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52878","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52928","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52912","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52839","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52865","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52833","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52884","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20892","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20892"},{"reference_url":"http://www.securityfocus.com/bid/97277","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97277"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435247","reference_id":"1435247","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435247"},{"reference_url":"https://security.archlinux.org/AVG-936","reference_id":"AVG-936","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-936"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7224","reference_id":"CVE-2017-7224","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7224"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-325s-kx5s-97dj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"}],"aliases":["CVE-2017-7224"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p9v-kf9t-b7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60873?format=json","vulnerability_id":"VCID-cttr-nc15-jbb9","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7225.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7225","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60116","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6254","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62669","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62598","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62631","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62646","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20891","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20891"},{"reference_url":"http://www.securityfocus.com/bid/97275","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97275"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435287","reference_id":"1435287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435287"},{"reference_url":"https://security.archlinux.org/AVG-936","reference_id":"AVG-936","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-936"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7225","reference_id":"CVE-2017-7225","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7225"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-325s-kx5s-97dj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"}],"aliases":["CVE-2017-7225"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cttr-nc15-jbb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84729?format=json","vulnerability_id":"VCID-ej6t-hx56-hbfe","summary":"binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7226.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7226","reference_id":"","reference_type":"","scores":[{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59321","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59434","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.5945","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59468","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59452","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59395","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.5942","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59385","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59436","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20905","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435300","reference_id":"1435300","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435300"},{"reference_url":"https://security.archlinux.org/AVG-936","reference_id":"AVG-936","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-936"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7226","reference_id":"CVE-2017-7226","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7226"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-325s-kx5s-97dj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"}],"aliases":["CVE-2017-7226"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ej6t-hx56-hbfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60871?format=json","vulnerability_id":"VCID-qkjb-wje6-gkgr","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7223.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7223.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7223","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.59919","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60055","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60076","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.6006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.59996","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60021","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.59991","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60041","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20898","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20898"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435244","reference_id":"1435244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435244"},{"reference_url":"https://security.archlinux.org/AVG-936","reference_id":"AVG-936","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-936"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7223","reference_id":"CVE-2017-7223","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7223"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-325s-kx5s-97dj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"}],"aliases":["CVE-2017-7223"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkjb-wje6-gkgr"}],"fixing_vulnerabilities":[],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.26.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.27.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.28.0-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60874?format=json","vulnerability_id":"VCID-325s-kx5s-97dj","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7227.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7227","reference_id":"","reference_type":"","scores":[{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63094","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63182","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63218","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63219","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63153","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63183","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63148","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20906","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20906"},{"reference_url":"http://www.securityfocus.com/bid/97209","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435303","reference_id":"1435303","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435303"},{"reference_url":"https://security.archlinux.org/AVG-937","reference_id":"AVG-937","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-937"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7227","reference_id":"CVE-2017-7227","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7227"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374314?format=json","purl":"pkg:alpm/archlinux/binutils@2.28.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.28.0-1"}],"aliases":["CVE-2017-7227"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-325s-kx5s-97dj"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60872?format=json","vulnerability_id":"VCID-2p9v-kf9t-b7fs","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7224.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7224.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7224","reference_id":"","reference_type":"","scores":[{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52812","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52878","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52928","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52912","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52839","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52865","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52833","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00296","scoring_system":"epss","scoring_elements":"0.52884","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7224"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7224"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20892","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20892"},{"reference_url":"http://www.securityfocus.com/bid/97277","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97277"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435247","reference_id":"1435247","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435247"},{"reference_url":"https://security.archlinux.org/AVG-936","reference_id":"AVG-936","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-936"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7224","reference_id":"CVE-2017-7224","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7224"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-325s-kx5s-97dj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"}],"aliases":["CVE-2017-7224"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2p9v-kf9t-b7fs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60873?format=json","vulnerability_id":"VCID-cttr-nc15-jbb9","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7225.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7225.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7225","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60116","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6254","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62662","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.6268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62669","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62598","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62631","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62596","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00432","scoring_system":"epss","scoring_elements":"0.62646","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7225"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7225"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20891","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20891"},{"reference_url":"http://www.securityfocus.com/bid/97275","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97275"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435287","reference_id":"1435287","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435287"},{"reference_url":"https://security.archlinux.org/AVG-936","reference_id":"AVG-936","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-936"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7225","reference_id":"CVE-2017-7225","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7225"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-325s-kx5s-97dj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"}],"aliases":["CVE-2017-7225"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cttr-nc15-jbb9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84729?format=json","vulnerability_id":"VCID-ej6t-hx56-hbfe","summary":"binutils: Heap-based buffer over-read in pe_ILF_object_p function in libbfd","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7226.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7226.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7226","reference_id":"","reference_type":"","scores":[{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59321","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59434","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.5945","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59468","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59452","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59395","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.5942","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59385","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00379","scoring_system":"epss","scoring_elements":"0.59436","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7226"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7226"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20905","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20905"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435300","reference_id":"1435300","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435300"},{"reference_url":"https://security.archlinux.org/AVG-936","reference_id":"AVG-936","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-936"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7226","reference_id":"CVE-2017-7226","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7226"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-325s-kx5s-97dj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"}],"aliases":["CVE-2017-7226"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ej6t-hx56-hbfe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60871?format=json","vulnerability_id":"VCID-qkjb-wje6-gkgr","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7223.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7223.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7223","reference_id":"","reference_type":"","scores":[{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.59919","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60043","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60055","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60076","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.6006","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.59996","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60021","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.59991","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0039","scoring_system":"epss","scoring_elements":"0.60041","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7223"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7223"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20898","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20898"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435244","reference_id":"1435244","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435244"},{"reference_url":"https://security.archlinux.org/AVG-936","reference_id":"AVG-936","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-936"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7223","reference_id":"CVE-2017-7223","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7223"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372548?format=json","purl":"pkg:alpm/archlinux/binutils@2.27.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-325s-kx5s-97dj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"}],"aliases":["CVE-2017-7223"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qkjb-wje6-gkgr"}],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.27.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374314?format=json","purl":"pkg:alpm/archlinux/binutils@2.28.0-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.28.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.29.0-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60874?format=json","vulnerability_id":"VCID-325s-kx5s-97dj","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7227.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7227.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7227","reference_id":"","reference_type":"","scores":[{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63094","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63182","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.632","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63218","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63235","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63219","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63153","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63183","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0044","scoring_system":"epss","scoring_elements":"0.63148","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7227"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7227"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20906","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=20906"},{"reference_url":"http://www.securityfocus.com/bid/97209","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97209"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435303","reference_id":"1435303","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435303"},{"reference_url":"https://security.archlinux.org/AVG-937","reference_id":"AVG-937","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-937"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7227","reference_id":"CVE-2017-7227","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7227"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374314?format=json","purl":"pkg:alpm/archlinux/binutils@2.28.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.28.0-1"}],"aliases":["CVE-2017-7227"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-325s-kx5s-97dj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.28.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373005?format=json","purl":"pkg:alpm/archlinux/binutils@2.28.0-4","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.28.0-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.29.0-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50177?format=json","vulnerability_id":"VCID-1rp7-5hxs-tqbx","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6965.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6965","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48609","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48672","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48624","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48678","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48674","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48666","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4865","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52557","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21137","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21137"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435640","reference_id":"1435640","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858264","reference_id":"858264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858264"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6965","reference_id":"CVE-2017-6965","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6965"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-6965"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rp7-5hxs-tqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60869?format=json","vulnerability_id":"VCID-4ty8-8ecg-mqdy","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7209.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7209","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5447","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54556","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54595","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54545","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54537","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54589","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21135","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21135"},{"reference_url":"http://www.securityfocus.com/bid/96994","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96994"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435632","reference_id":"1435632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435632"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323","reference_id":"858323","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7209","reference_id":"CVE-2017-7209","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7209"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-7209"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ty8-8ecg-mqdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50193?format=json","vulnerability_id":"VCID-5cxe-ara7-jfcr","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9041.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9041","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.6513","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65211","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65233","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65251","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65239","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.6518","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65205","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65171","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65221","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452171","reference_id":"1452171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452171"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9041"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cxe-ara7-jfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84365?format=json","vulnerability_id":"VCID-b5je-gm19-yba5","summary":"binutils: Out-of-bounds read in the print_symbol_for_build_attribute function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9044.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9044.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9044","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61848","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6201","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61921","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61988","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452176","reference_id":"1452176","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452176"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9044"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5je-gm19-yba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50190?format=json","vulnerability_id":"VCID-dyx7-6xgz-mqa7","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9038.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9038","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57909","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58021","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57993","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58013","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58043","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58046","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452167","reference_id":"1452167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452167"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9038"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyx7-6xgz-mqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50192?format=json","vulnerability_id":"VCID-j2wc-yxrx-4kh6","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9040.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9040.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9040","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58021","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64702","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64809","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64826","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64816","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64754","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64782","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64745","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64795","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452169","reference_id":"1452169","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452169"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9040"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2wc-yxrx-4kh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50178?format=json","vulnerability_id":"VCID-kzqn-frns-jyab","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6966.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6966","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51251","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51243","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51265","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51207","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51246","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21139","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21139"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435646","reference_id":"1435646","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435646"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858263","reference_id":"858263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858263"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6966","reference_id":"CVE-2017-6966","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6966"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-6966"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzqn-frns-jyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60870?format=json","vulnerability_id":"VCID-mgmr-bkuv-sbba","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7210.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7210","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5447","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54556","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54595","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54545","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54537","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54589","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21157","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21157"},{"reference_url":"http://www.securityfocus.com/bid/96992","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96992"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435634","reference_id":"1435634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435634"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324","reference_id":"858324","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7210","reference_id":"CVE-2017-7210","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7210"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-7210"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgmr-bkuv-sbba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84364?format=json","vulnerability_id":"VCID-n93p-dptt-r3hg","summary":"binutils: Shift exponent too large for type unsigned long in readelf.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9043.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9043.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9043","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60219","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60295","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6032","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60338","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60354","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64622","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452175","reference_id":"1452175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452175"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9043"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n93p-dptt-r3hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50179?format=json","vulnerability_id":"VCID-qnnr-5t4r-xfdc","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6969.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6969","reference_id":"","reference_type":"","scores":[{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63754","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63834","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63881","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63867","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63816","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63842","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63799","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.6385","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21156","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21156"},{"reference_url":"http://www.securityfocus.com/bid/97065","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435648","reference_id":"1435648","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435648"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858256","reference_id":"858256","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858256"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6969","reference_id":"CVE-2017-6969","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6969"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-6969"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnnr-5t4r-xfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50191?format=json","vulnerability_id":"VCID-qv6w-s2tv-eyfs","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9039.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9039.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9039","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57909","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58021","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58046","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57993","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58013","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58043","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452168","reference_id":"1452168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9039"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qv6w-s2tv-eyfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50194?format=json","vulnerability_id":"VCID-z7m5-hqbr-abc2","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9042.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9042.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9042","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60219","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60354","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60295","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6032","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60338","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452173","reference_id":"1452173","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452173"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9042"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7m5-hqbr-abc2"}],"fixing_vulnerabilities":[],"risk_score":"4.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.28.0-4"},{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.29.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.30-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50177?format=json","vulnerability_id":"VCID-1rp7-5hxs-tqbx","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6965.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6965.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6965","reference_id":"","reference_type":"","scores":[{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48609","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48672","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48624","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48678","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48674","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48692","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.48666","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00254","scoring_system":"epss","scoring_elements":"0.4865","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00292","scoring_system":"epss","scoring_elements":"0.52557","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6965"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21137","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21137"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435640","reference_id":"1435640","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435640"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858264","reference_id":"858264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858264"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6965","reference_id":"CVE-2017-6965","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6965"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-6965"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1rp7-5hxs-tqbx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60869?format=json","vulnerability_id":"VCID-4ty8-8ecg-mqdy","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7209.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7209.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7209","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5447","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54556","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54595","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54545","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54537","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54589","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7209"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7209"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21135","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21135"},{"reference_url":"http://www.securityfocus.com/bid/96994","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96994"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435632","reference_id":"1435632","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435632"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323","reference_id":"858323","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858323"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7209","reference_id":"CVE-2017-7209","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7209"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-7209"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ty8-8ecg-mqdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50193?format=json","vulnerability_id":"VCID-5cxe-ara7-jfcr","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9041.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9041.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9041","reference_id":"","reference_type":"","scores":[{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.6513","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65211","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65233","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65251","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65239","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.6518","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65205","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65171","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00483","scoring_system":"epss","scoring_elements":"0.65221","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9041"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9041"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452171","reference_id":"1452171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452171"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9041"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5cxe-ara7-jfcr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84365?format=json","vulnerability_id":"VCID-b5je-gm19-yba5","summary":"binutils: Out-of-bounds read in the print_symbol_for_build_attribute function","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9044.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9044.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9044","reference_id":"","reference_type":"","scores":[{"value":"0.00317","scoring_system":"epss","scoring_elements":"0.54763","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61848","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.6201","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61999","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61921","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61951","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00421","scoring_system":"epss","scoring_elements":"0.61988","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9044"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9044"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452176","reference_id":"1452176","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452176"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9044"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b5je-gm19-yba5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50190?format=json","vulnerability_id":"VCID-dyx7-6xgz-mqa7","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9038.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9038.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9038","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57909","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58021","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57993","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58013","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58043","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58046","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9038"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9038"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452167","reference_id":"1452167","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452167"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9038"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dyx7-6xgz-mqa7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50192?format=json","vulnerability_id":"VCID-j2wc-yxrx-4kh6","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9040.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9040.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9040","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58021","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64702","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64809","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64826","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64816","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64754","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64782","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64745","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00475","scoring_system":"epss","scoring_elements":"0.64795","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9040"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9040"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452169","reference_id":"1452169","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452169"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9040"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j2wc-yxrx-4kh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50178?format=json","vulnerability_id":"VCID-kzqn-frns-jyab","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6966.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6966.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6966","reference_id":"","reference_type":"","scores":[{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51251","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51243","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51287","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51265","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51207","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00278","scoring_system":"epss","scoring_elements":"0.51246","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6966"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21139","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21139"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435646","reference_id":"1435646","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435646"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858263","reference_id":"858263","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858263"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6966","reference_id":"CVE-2017-6966","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6966"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-6966"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzqn-frns-jyab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60870?format=json","vulnerability_id":"VCID-mgmr-bkuv-sbba","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7210.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7210.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7210","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5447","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54556","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54583","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54595","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54577","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54545","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54569","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54537","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54589","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7210"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7210"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21157","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21157"},{"reference_url":"http://www.securityfocus.com/bid/96992","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/96992"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435634","reference_id":"1435634","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435634"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324","reference_id":"858324","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858324"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7210","reference_id":"CVE-2017-7210","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7210"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-7210"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgmr-bkuv-sbba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84364?format=json","vulnerability_id":"VCID-n93p-dptt-r3hg","summary":"binutils: Shift exponent too large for type unsigned long in readelf.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9043.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9043.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9043","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60219","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60295","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6032","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60338","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60354","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00471","scoring_system":"epss","scoring_elements":"0.64622","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9043"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9043"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452175","reference_id":"1452175","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452175"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9043"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-n93p-dptt-r3hg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50179?format=json","vulnerability_id":"VCID-qnnr-5t4r-xfdc","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6969.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-6969.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6969","reference_id":"","reference_type":"","scores":[{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63754","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63834","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63868","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63881","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63867","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63816","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63842","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.63799","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00455","scoring_system":"epss","scoring_elements":"0.6385","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-6969"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-6969"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21156","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=21156"},{"reference_url":"http://www.securityfocus.com/bid/97065","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97065"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435648","reference_id":"1435648","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1435648"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858256","reference_id":"858256","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=858256"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6969","reference_id":"CVE-2017-6969","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"9.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-6969"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-6969"],"risk_score":4.1,"exploitability":"0.5","weighted_severity":"8.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qnnr-5t4r-xfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50191?format=json","vulnerability_id":"VCID-qv6w-s2tv-eyfs","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9039.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9039.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9039","reference_id":"","reference_type":"","scores":[{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57909","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58021","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58046","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58042","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57993","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58013","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.57988","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00358","scoring_system":"epss","scoring_elements":"0.58043","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9039"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9039"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452168","reference_id":"1452168","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452168"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9039"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qv6w-s2tv-eyfs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/50194?format=json","vulnerability_id":"VCID-z7m5-hqbr-abc2","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9042.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9042.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9042","reference_id":"","reference_type":"","scores":[{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60219","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60342","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60354","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60361","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60295","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.6032","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60288","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00395","scoring_system":"epss","scoring_elements":"0.60338","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-9042"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9042"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452173","reference_id":"1452173","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1452173"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674","reference_id":"863674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863674"},{"reference_url":"https://security.archlinux.org/AVG-276","reference_id":"AVG-276","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-276"},{"reference_url":"https://security.gentoo.org/glsa/201709-02","reference_id":"GLSA-201709-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201709-02"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373006?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"}],"aliases":["CVE-2017-9042"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z7m5-hqbr-abc2"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372845?format=json","purl":"pkg:alpm/archlinux/binutils@2.29.1-3","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.29.1-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.30-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83938?format=json","vulnerability_id":"VCID-3aht-pk4j-b3h5","summary":"binutils: NULL pointer dereference in dwarf2.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15022.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15022","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49439","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15022"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22201","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22201"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11855d8a1f11b102a702ab76e95b22082cccf2f8","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11855d8a1f11b102a702ab76e95b22082cccf2f8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500376","reference_id":"1500376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500376"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15022","reference_id":"CVE-2017-15022","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15022"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15022"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3aht-pk4j-b3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83943?format=json","vulnerability_id":"VCID-3az2-jj9s-7ffj","summary":"binutils: Infinite recursion in find_abstract_instance_name","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15024.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15024","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62103","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62229","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62247","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62237","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62163","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62194","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15024"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22187","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22187"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500378","reference_id":"1500378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500378"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15024","reference_id":"CVE-2017-15024","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15024"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15024"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3az2-jj9s-7ffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31656?format=json","vulnerability_id":"VCID-6atd-3q2h-vfd5","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17123.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17123.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17123","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63166","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63272","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63306","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63225","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63255","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22509","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22509"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524509","reference_id":"1524509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524509"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17123","reference_id":"CVE-2017-17123","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17123"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17123"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6atd-3q2h-vfd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83942?format=json","vulnerability_id":"VCID-92ag-7zjf-qfhj","summary":"binutils: Divide-by-zero in decode_line_info","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15025.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15025.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15025","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49439","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15025"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22186","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22186"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d8010d3e75ec7194a4703774090b27486b742d48","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d8010d3e75ec7194a4703774090b27486b742d48"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500375","reference_id":"1500375","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500375"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15025","reference_id":"CVE-2017-15025","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15025"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15025"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92ag-7zjf-qfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31657?format=json","vulnerability_id":"VCID-b7ed-5vy7-8yb8","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17124.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17124.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17124","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.5971","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59846","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59807","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59777","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59828","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59842","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59783","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22507","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22507"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524510","reference_id":"1524510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524510"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17124","reference_id":"CVE-2017-17124","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17124"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17124"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ed-5vy7-8yb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83939?format=json","vulnerability_id":"VCID-bah7-vbh3-7ueg","summary":"binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15021.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15021","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49439","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15021"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22197","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22197"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500377","reference_id":"1500377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500377"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15021","reference_id":"CVE-2017-15021","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15021"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15021"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bah7-vbh3-7ueg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31659?format=json","vulnerability_id":"VCID-csfh-sngk-qfga","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17126.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17126","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59129","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59244","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59203","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59227","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22510","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22510"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524498","reference_id":"1524498","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524498"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17126","reference_id":"CVE-2017-17126","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17126"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17126"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-csfh-sngk-qfga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83937?format=json","vulnerability_id":"VCID-e2yq-7v8c-z7hk","summary":"binutils: Heap-based buffer overflow in parse_die","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15020.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15020","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34608","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34769","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34823","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3485","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15020"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22202","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22202"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500372","reference_id":"1500372","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500372"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15020","reference_id":"CVE-2017-15020","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15020"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2yq-7v8c-z7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31655?format=json","vulnerability_id":"VCID-ftnk-2drc-jkdw","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17122.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17122","reference_id":"","reference_type":"","scores":[{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62251","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62198","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62273","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62231","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22508","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22508"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524505","reference_id":"1524505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524505"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17122","reference_id":"CVE-2017-17122","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17122"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"},{"reference_url":"https://usn.ubuntu.com/5341-1/","reference_id":"USN-5341-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5341-1/"},{"reference_url":"https://usn.ubuntu.com/6413-1/","reference_id":"USN-6413-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6413-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17122"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnk-2drc-jkdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60865?format=json","vulnerability_id":"VCID-mann-686a-8bec","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15023.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15023","reference_id":"","reference_type":"","scores":[{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65455","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65538","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65549","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.6556","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65579","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65566","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65532","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15023"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22200","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22200"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf"},{"reference_url":"http://www.securityfocus.com/bid/101611","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101611"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500374","reference_id":"1500374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500374"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15023","reference_id":"CVE-2017-15023","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15023"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15023"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mann-686a-8bec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31658?format=json","vulnerability_id":"VCID-stn9-gqqb-7kae","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17125.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17125.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17125","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59129","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59244","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59203","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59227","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22443","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22443"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524511","reference_id":"1524511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524511"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17125","reference_id":"CVE-2017-17125","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17125"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17125"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-stn9-gqqb-7kae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60868?format=json","vulnerability_id":"VCID-yqbv-z58c-dycr","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15996.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15996","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54475","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54561","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54594","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54601","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54583","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5455","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54574","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54543","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15996"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22361","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22361"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d91f0b20e561e326ee91a09a76206257bde8438b","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d91f0b20e561e326ee91a09a76206257bde8438b"},{"reference_url":"http://www.securityfocus.com/bid/101608","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515742","reference_id":"1515742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515742"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15996","reference_id":"CVE-2017-15996","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15996"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15996"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqbv-z58c-dycr"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.29.1-3"},{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.30-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.32-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83938?format=json","vulnerability_id":"VCID-3aht-pk4j-b3h5","summary":"binutils: NULL pointer dereference in dwarf2.c","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15022.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15022.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15022","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49439","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15022"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-bfd_hash_hash-hash-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15022"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22201","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22201"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11855d8a1f11b102a702ab76e95b22082cccf2f8","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=11855d8a1f11b102a702ab76e95b22082cccf2f8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500376","reference_id":"1500376","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500376"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15022","reference_id":"CVE-2017-15022","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15022"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15022"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3aht-pk4j-b3h5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83943?format=json","vulnerability_id":"VCID-3az2-jj9s-7ffj","summary":"binutils: Infinite recursion in find_abstract_instance_name","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15024.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15024.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15024","reference_id":"","reference_type":"","scores":[{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62103","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62216","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62162","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62229","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62247","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62237","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62163","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00425","scoring_system":"epss","scoring_elements":"0.62194","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15024"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-infinite-loop-in-find_abstract_instance_name-dwarf2-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15024"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22187","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22187"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52a93b95ec0771c97e26f0bb28630a271a667bd2"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500378","reference_id":"1500378","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500378"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15024","reference_id":"CVE-2017-15024","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15024"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15024"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3az2-jj9s-7ffj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31656?format=json","vulnerability_id":"VCID-6atd-3q2h-vfd5","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17123.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17123.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17123","reference_id":"","reference_type":"","scores":[{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63166","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63254","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6322","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63272","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63289","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63306","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.6329","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63225","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00442","scoring_system":"epss","scoring_elements":"0.63255","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17123"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17123"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22509","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22509"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=4581a1c7d304ce14e714b27522ebf3d0188d6543"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524509","reference_id":"1524509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524509"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17123","reference_id":"CVE-2017-17123","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17123"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17123"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6atd-3q2h-vfd5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83942?format=json","vulnerability_id":"VCID-92ag-7zjf-qfhj","summary":"binutils: Divide-by-zero in decode_line_info","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15025.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15025.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15025","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49439","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15025"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-divide-by-zero-in-decode_line_info-dwarf2-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15025"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22186","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22186"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d8010d3e75ec7194a4703774090b27486b742d48","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d8010d3e75ec7194a4703774090b27486b742d48"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500375","reference_id":"1500375","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500375"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15025","reference_id":"CVE-2017-15025","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15025"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15025"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92ag-7zjf-qfhj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31657?format=json","vulnerability_id":"VCID-b7ed-5vy7-8yb8","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17124.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17124.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17124","reference_id":"","reference_type":"","scores":[{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.5971","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59846","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59807","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59777","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59828","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59842","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59862","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00387","scoring_system":"epss","scoring_elements":"0.59783","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17124"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17124"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22507","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22507"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=b0029dce6867de1a2828293177b0e030d2f0f03c"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524510","reference_id":"1524510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524510"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17124","reference_id":"CVE-2017-17124","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17124"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17124"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b7ed-5vy7-8yb8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83939?format=json","vulnerability_id":"VCID-bah7-vbh3-7ueg","summary":"binutils: Heap-based buffer over-read in bfd_get_debug_link_info_1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15021.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15021.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15021","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49383","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49433","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49392","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49442","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49459","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.4943","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49412","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49439","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15021"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-bfd_getl32-opncls-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15021"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22197","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22197"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=52b36c51e5bf6d7600fdc6ba115b170b0e78e31d"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500377","reference_id":"1500377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500377"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15021","reference_id":"CVE-2017-15021","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15021"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15021"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bah7-vbh3-7ueg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31659?format=json","vulnerability_id":"VCID-csfh-sngk-qfga","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17126.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17126.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17126","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59129","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59244","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59203","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59227","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17126"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17126"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22510","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22510"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=f425ec6600b69e39eb605f3128806ff688137ea8"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524498","reference_id":"1524498","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524498"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17126","reference_id":"CVE-2017-17126","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17126"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17126"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-csfh-sngk-qfga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83937?format=json","vulnerability_id":"VCID-e2yq-7v8c-z7hk","summary":"binutils: Heap-based buffer overflow in parse_die","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15020.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15020.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15020","reference_id":"","reference_type":"","scores":[{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34608","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34726","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34769","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34797","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34801","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34762","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.34823","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00144","scoring_system":"epss","scoring_elements":"0.3485","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15020"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-heap-based-buffer-overflow-in-parse_die-dwarf1-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15020"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22202","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22202"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=1da5c9a485f3dcac4c45e96ef4b7dae5948314b5"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500372","reference_id":"1500372","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500372"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15020","reference_id":"CVE-2017-15020","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15020"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15020"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e2yq-7v8c-z7hk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31655?format=json","vulnerability_id":"VCID-ftnk-2drc-jkdw","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17122.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17122.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17122","reference_id":"","reference_type":"","scores":[{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62251","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62198","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62247","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62265","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62283","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62273","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62201","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00426","scoring_system":"epss","scoring_elements":"0.62231","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17122"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17122"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22508","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22508"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d785b7d4b877ed465d04072e17ca19d0f47d840f"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524505","reference_id":"1524505","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524505"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17122","reference_id":"CVE-2017-17122","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17122"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"},{"reference_url":"https://usn.ubuntu.com/5341-1/","reference_id":"USN-5341-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5341-1/"},{"reference_url":"https://usn.ubuntu.com/6413-1/","reference_id":"USN-6413-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6413-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17122"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ftnk-2drc-jkdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60865?format=json","vulnerability_id":"VCID-mann-686a-8bec","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15023.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15023","reference_id":"","reference_type":"","scores":[{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65455","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65538","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65496","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65549","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.6556","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65579","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65566","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65504","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00489","scoring_system":"epss","scoring_elements":"0.65532","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15023"},{"reference_url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/","reference_id":"","reference_type":"","scores":[],"url":"https://blogs.gentoo.org/ago/2017/10/03/binutils-null-pointer-dereference-in-concat_filename-dwarf2-c/"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15023"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22200","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22200"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=c361faae8d964db951b7100cada4dcdc983df1bf"},{"reference_url":"http://www.securityfocus.com/bid/101611","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101611"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500374","reference_id":"1500374","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1500374"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15023","reference_id":"CVE-2017-15023","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15023"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15023"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mann-686a-8bec"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31658?format=json","vulnerability_id":"VCID-stn9-gqqb-7kae","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17125.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-17125.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17125","reference_id":"","reference_type":"","scores":[{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59129","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59241","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59192","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59244","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59257","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59277","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.5926","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59203","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00377","scoring_system":"epss","scoring_elements":"0.59227","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-17125"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17125"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22443","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22443"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=160b1a618ad94988410dc81fce9189fcda5b7ff4"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524511","reference_id":"1524511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1524511"},{"reference_url":"https://security.archlinux.org/AVG-538","reference_id":"AVG-538","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-538"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17125","reference_id":"CVE-2017-17125","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-17125"},{"reference_url":"https://security.gentoo.org/glsa/201811-17","reference_id":"GLSA-201811-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201811-17"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-17125"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-stn9-gqqb-7kae"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60868?format=json","vulnerability_id":"VCID-yqbv-z58c-dycr","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15996.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-15996.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15996","reference_id":"","reference_type":"","scores":[{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54475","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54561","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54594","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54601","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54583","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.5455","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54574","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00314","scoring_system":"epss","scoring_elements":"0.54543","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-15996"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15996"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22361","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=22361"},{"reference_url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d91f0b20e561e326ee91a09a76206257bde8438b","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git%3Bh=d91f0b20e561e326ee91a09a76206257bde8438b"},{"reference_url":"http://www.securityfocus.com/bid/101608","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101608"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515742","reference_id":"1515742","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515742"},{"reference_url":"https://security.archlinux.org/AVG-435","reference_id":"AVG-435","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-435"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.29:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15996","reference_id":"CVE-2017-15996","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-15996"},{"reference_url":"https://security.gentoo.org/glsa/201801-01","reference_id":"GLSA-201801-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-01"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372846?format=json","purl":"pkg:alpm/archlinux/binutils@2.30-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"}],"aliases":["CVE-2017-15996"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yqbv-z58c-dycr"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.30-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372624?format=json","purl":"pkg:alpm/archlinux/binutils@2.31.1-4","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.31.1-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.32-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58588?format=json","vulnerability_id":"VCID-24yc-9zfd-skax","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19932.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19932.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19932","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61829","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61958","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.6199","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61979","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61951","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61969","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658949","reference_id":"1658949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658949"},{"reference_url":"https://security.archlinux.org/ASA-201906-3","reference_id":"ASA-201906-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-3"},{"reference_url":"https://security.archlinux.org/AVG-832","reference_id":"AVG-832","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-832"},{"reference_url":"https://security.gentoo.org/glsa/201908-01","reference_id":"GLSA-201908-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-01"},{"reference_url":"https://usn.ubuntu.com/4336-1/","reference_id":"USN-4336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-1/"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"}],"aliases":["CVE-2018-19932"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24yc-9zfd-skax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82915?format=json","vulnerability_id":"VCID-98ww-99gn-xyar","summary":"libiberty: heap-based buffer over-read in d_expression_1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20712.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20712","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74019","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74067","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74056","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74092","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74074","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74025","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74051","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74022","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20712"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629","reference_id":"","reference_type":"","scores":[],"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=24043","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=24043"},{"reference_url":"https://support.f5.com/csp/article/K38336243","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K38336243"},{"reference_url":"http://www.securityfocus.com/bid/106563","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668269","reference_id":"1668269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668269"},{"reference_url":"https://security.archlinux.org/ASA-201906-3","reference_id":"ASA-201906-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-3"},{"reference_url":"https://security.archlinux.org/AVG-832","reference_id":"AVG-832","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-832"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20712","reference_id":"CVE-2018-20712","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20712"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"}],"aliases":["CVE-2018-20712"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98ww-99gn-xyar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58587?format=json","vulnerability_id":"VCID-kuzy-t7d8-kfhd","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19931.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19931.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19931","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55027","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55151","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55169","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55152","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55127","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55177","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658947","reference_id":"1658947","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658947"},{"reference_url":"https://security.archlinux.org/ASA-201906-3","reference_id":"ASA-201906-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-3"},{"reference_url":"https://security.archlinux.org/AVG-832","reference_id":"AVG-832","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-832"},{"reference_url":"https://security.gentoo.org/glsa/201908-01","reference_id":"GLSA-201908-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-01"},{"reference_url":"https://usn.ubuntu.com/4336-1/","reference_id":"USN-4336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-1/"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"}],"aliases":["CVE-2018-19931"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kuzy-t7d8-kfhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58589?format=json","vulnerability_id":"VCID-w17q-m7sf-23fx","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20002.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20002.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20002","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54537","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54598","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54645","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54658","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5464","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54607","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5465","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55957","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661534","reference_id":"1661534","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661534"},{"reference_url":"https://security.archlinux.org/ASA-201906-3","reference_id":"ASA-201906-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-3"},{"reference_url":"https://security.archlinux.org/AVG-832","reference_id":"AVG-832","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-832"},{"reference_url":"https://security.gentoo.org/glsa/201908-01","reference_id":"GLSA-201908-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-01"},{"reference_url":"https://usn.ubuntu.com/4336-1/","reference_id":"USN-4336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-1/"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"}],"aliases":["CVE-2018-20002"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w17q-m7sf-23fx"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.31.1-4"},{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.32-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.36-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58588?format=json","vulnerability_id":"VCID-24yc-9zfd-skax","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19932.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19932.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19932","reference_id":"","reference_type":"","scores":[{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61829","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61958","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.6199","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61979","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61902","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61951","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0042","scoring_system":"epss","scoring_elements":"0.61969","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19932"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19932"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658949","reference_id":"1658949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658949"},{"reference_url":"https://security.archlinux.org/ASA-201906-3","reference_id":"ASA-201906-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-3"},{"reference_url":"https://security.archlinux.org/AVG-832","reference_id":"AVG-832","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-832"},{"reference_url":"https://security.gentoo.org/glsa/201908-01","reference_id":"GLSA-201908-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-01"},{"reference_url":"https://usn.ubuntu.com/4336-1/","reference_id":"USN-4336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-1/"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"}],"aliases":["CVE-2018-19932"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-24yc-9zfd-skax"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82915?format=json","vulnerability_id":"VCID-98ww-99gn-xyar","summary":"libiberty: heap-based buffer over-read in d_expression_1","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20712.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20712.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20712","reference_id":"","reference_type":"","scores":[{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74019","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74067","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74056","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.7407","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74092","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74074","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74025","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74051","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00801","scoring_system":"epss","scoring_elements":"0.74022","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20712"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20712"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629","reference_id":"","reference_type":"","scores":[],"url":"https://gcc.gnu.org/bugzilla/show_bug.cgi?id=88629"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=24043","reference_id":"","reference_type":"","scores":[],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=24043"},{"reference_url":"https://support.f5.com/csp/article/K38336243","reference_id":"","reference_type":"","scores":[],"url":"https://support.f5.com/csp/article/K38336243"},{"reference_url":"http://www.securityfocus.com/bid/106563","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/106563"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668269","reference_id":"1668269","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1668269"},{"reference_url":"https://security.archlinux.org/ASA-201906-3","reference_id":"ASA-201906-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-3"},{"reference_url":"https://security.archlinux.org/AVG-832","reference_id":"AVG-832","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-832"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gnu:binutils:2.31.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20712","reference_id":"CVE-2018-20712","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-20712"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"}],"aliases":["CVE-2018-20712"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-98ww-99gn-xyar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58587?format=json","vulnerability_id":"VCID-kuzy-t7d8-kfhd","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19931.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19931.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19931","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55027","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55151","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55169","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55152","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55127","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55177","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19931"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19931"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658947","reference_id":"1658947","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1658947"},{"reference_url":"https://security.archlinux.org/ASA-201906-3","reference_id":"ASA-201906-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-3"},{"reference_url":"https://security.archlinux.org/AVG-832","reference_id":"AVG-832","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-832"},{"reference_url":"https://security.gentoo.org/glsa/201908-01","reference_id":"GLSA-201908-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-01"},{"reference_url":"https://usn.ubuntu.com/4336-1/","reference_id":"USN-4336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-1/"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"}],"aliases":["CVE-2018-19931"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kuzy-t7d8-kfhd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58589?format=json","vulnerability_id":"VCID-w17q-m7sf-23fx","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which may allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20002.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-20002.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20002","reference_id":"","reference_type":"","scores":[{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54537","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54598","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54645","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54658","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5464","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.54607","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5463","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00315","scoring_system":"epss","scoring_elements":"0.5465","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0033","scoring_system":"epss","scoring_elements":"0.55957","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-20002"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20002"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661534","reference_id":"1661534","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661534"},{"reference_url":"https://security.archlinux.org/ASA-201906-3","reference_id":"ASA-201906-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201906-3"},{"reference_url":"https://security.archlinux.org/AVG-832","reference_id":"AVG-832","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-832"},{"reference_url":"https://security.gentoo.org/glsa/201908-01","reference_id":"GLSA-201908-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-01"},{"reference_url":"https://usn.ubuntu.com/4336-1/","reference_id":"USN-4336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-1/"},{"reference_url":"https://usn.ubuntu.com/4336-2/","reference_id":"USN-4336-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4336-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372625?format=json","purl":"pkg:alpm/archlinux/binutils@2.32-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"}],"aliases":["CVE-2018-20002"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w17q-m7sf-23fx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.32-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373925?format=json","purl":"pkg:alpm/archlinux/binutils@2.35.1-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.35.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.36-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49739?format=json","vulnerability_id":"VCID-7sc8-fzw3-vfer","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35448.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35448.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35448","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32892","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32762","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32927","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.5566","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55678","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55634","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55686","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55689","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950478","reference_id":"1950478","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950478"},{"reference_url":"https://security.archlinux.org/AVG-1385","reference_id":"AVG-1385","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1385"},{"reference_url":"https://security.gentoo.org/glsa/202107-24","reference_id":"GLSA-202107-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4364","reference_id":"RHSA-2021:4364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4364"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373926?format=json","purl":"pkg:alpm/archlinux/binutils@2.36-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1"}],"aliases":["CVE-2020-35448"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sc8-fzw3-vfer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47234?format=json","vulnerability_id":"VCID-vepg-jnnm-97d7","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20294.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20294.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20294","reference_id":"","reference_type":"","scores":[{"value":"0.1586","scoring_system":"epss","scoring_elements":"0.94712","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1586","scoring_system":"epss","scoring_elements":"0.94724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1586","scoring_system":"epss","scoring_elements":"0.9472","published_at":"2026-04-02T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.95857","published_at":"2026-04-08T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.9586","published_at":"2026-04-09T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.95863","published_at":"2026-04-12T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.95848","published_at":"2026-04-07T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.95864","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1943533","reference_id":"1943533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1943533"},{"reference_url":"https://security.archlinux.org/AVG-1385","reference_id":"AVG-1385","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1385"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373926?format=json","purl":"pkg:alpm/archlinux/binutils@2.36-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1"}],"aliases":["CVE-2021-20294"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vepg-jnnm-97d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47229?format=json","vulnerability_id":"VCID-xrpd-jdfr-ebeq","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3487.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3487.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947111","reference_id":"1947111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947111"},{"reference_url":"https://security.archlinux.org/AVG-1385","reference_id":"AVG-1385","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1385"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4364","reference_id":"RHSA-2021:4364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4364"},{"reference_url":"https://usn.ubuntu.com/5124-1/","reference_id":"USN-5124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5124-1/"},{"reference_url":"https://usn.ubuntu.com/5341-1/","reference_id":"USN-5341-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5341-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373926?format=json","purl":"pkg:alpm/archlinux/binutils@2.36-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1"}],"aliases":["CVE-2021-3487"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrpd-jdfr-ebeq"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.35.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373926?format=json","purl":"pkg:alpm/archlinux/binutils@2.36-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.36-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.37-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49739?format=json","vulnerability_id":"VCID-7sc8-fzw3-vfer","summary":"Multiple vulnerabilities have been found in Binutils, the worst of\n    which could result in a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35448.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35448.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35448","reference_id":"","reference_type":"","scores":[{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32892","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32762","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00132","scoring_system":"epss","scoring_elements":"0.32927","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.5566","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55678","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55634","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55686","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00327","scoring_system":"epss","scoring_elements":"0.55689","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35448"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950478","reference_id":"1950478","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1950478"},{"reference_url":"https://security.archlinux.org/AVG-1385","reference_id":"AVG-1385","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1385"},{"reference_url":"https://security.gentoo.org/glsa/202107-24","reference_id":"GLSA-202107-24","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202107-24"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4364","reference_id":"RHSA-2021:4364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4364"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373926?format=json","purl":"pkg:alpm/archlinux/binutils@2.36-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1"}],"aliases":["CVE-2020-35448"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sc8-fzw3-vfer"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47234?format=json","vulnerability_id":"VCID-vepg-jnnm-97d7","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20294.json","reference_id":"","reference_type":"","scores":[{"value":"7.0","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20294.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20294","reference_id":"","reference_type":"","scores":[{"value":"0.1586","scoring_system":"epss","scoring_elements":"0.94712","published_at":"2026-04-01T12:55:00Z"},{"value":"0.1586","scoring_system":"epss","scoring_elements":"0.94724","published_at":"2026-04-04T12:55:00Z"},{"value":"0.1586","scoring_system":"epss","scoring_elements":"0.9472","published_at":"2026-04-02T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.95857","published_at":"2026-04-08T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.9586","published_at":"2026-04-09T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.95863","published_at":"2026-04-12T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.95848","published_at":"2026-04-07T12:55:00Z"},{"value":"0.22712","scoring_system":"epss","scoring_elements":"0.95864","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20294"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20294"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1943533","reference_id":"1943533","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1943533"},{"reference_url":"https://security.archlinux.org/AVG-1385","reference_id":"AVG-1385","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1385"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373926?format=json","purl":"pkg:alpm/archlinux/binutils@2.36-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1"}],"aliases":["CVE-2021-20294"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vepg-jnnm-97d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47229?format=json","vulnerability_id":"VCID-xrpd-jdfr-ebeq","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3487.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3487.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947111","reference_id":"1947111","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1947111"},{"reference_url":"https://security.archlinux.org/AVG-1385","reference_id":"AVG-1385","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1385"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-30"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4364","reference_id":"RHSA-2021:4364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4364"},{"reference_url":"https://usn.ubuntu.com/5124-1/","reference_id":"USN-5124-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5124-1/"},{"reference_url":"https://usn.ubuntu.com/5341-1/","reference_id":"USN-5341-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5341-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373926?format=json","purl":"pkg:alpm/archlinux/binutils@2.36-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1"}],"aliases":["CVE-2021-3487"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xrpd-jdfr-ebeq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373274?format=json","purl":"pkg:alpm/archlinux/binutils@2.36.1-3","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.36.1-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.37-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47230?format=json","vulnerability_id":"VCID-4uea-bxbr-2kdz","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3530.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3530","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57639","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57719","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57774","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57776","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3530"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956423","reference_id":"1956423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956423"},{"reference_url":"https://security.archlinux.org/AVG-1540","reference_id":"AVG-1540","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1540"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373275?format=json","purl":"pkg:alpm/archlinux/binutils@2.38-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1"}],"aliases":["CVE-2021-3530"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4uea-bxbr-2kdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80238?format=json","vulnerability_id":"VCID-cafq-79j3-uue5","summary":"binutils: infinite loop while demangling rust symbols","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3648.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3648.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982320","reference_id":"1982320","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982320"},{"reference_url":"https://security.archlinux.org/AVG-1540","reference_id":"AVG-1540","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1540"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373275?format=json","purl":"pkg:alpm/archlinux/binutils@2.38-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1"}],"aliases":["CVE-2021-3648"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cafq-79j3-uue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47231?format=json","vulnerability_id":"VCID-uv5p-15z7-fqcn","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3549.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3549.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3549","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41213","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41259","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41335","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.5717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57182","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57161","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57168","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57141","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1960717","reference_id":"1960717","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1960717"},{"reference_url":"https://security.archlinux.org/AVG-2002","reference_id":"AVG-2002","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2002"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374704?format=json","purl":"pkg:alpm/archlinux/binutils@2.37-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.37-1"}],"aliases":["CVE-2021-3549"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5p-15z7-fqcn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47232?format=json","vulnerability_id":"VCID-znqk-35mz-dqfk","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20197.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20197","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30284","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30186","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30313","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30177","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30238","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30272","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30232","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913743","reference_id":"1913743","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913743"},{"reference_url":"https://security.archlinux.org/AVG-1540","reference_id":"AVG-1540","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1540"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/"}],"url":"https://security.gentoo.org/glsa/202208-30"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210528-0009/","reference_id":"ntap-20210528-0009","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210528-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4364","reference_id":"RHSA-2021:4364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4364"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=26945","reference_id":"show_bug.cgi?id=26945","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/"}],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=26945"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373275?format=json","purl":"pkg:alpm/archlinux/binutils@2.38-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1"}],"aliases":["CVE-2021-20197"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znqk-35mz-dqfk"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.36.1-3"},{"url":"http://public2.vulnerablecode.io/api/packages/374704?format=json","purl":"pkg:alpm/archlinux/binutils@2.37-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.37-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.38-1","latest_non_vulnerable_version":"2.38-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47231?format=json","vulnerability_id":"VCID-uv5p-15z7-fqcn","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3549.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3549.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3549","reference_id":"","reference_type":"","scores":[{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41213","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41259","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41307","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00193","scoring_system":"epss","scoring_elements":"0.41335","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.5717","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57182","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57161","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57168","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00346","scoring_system":"epss","scoring_elements":"0.57141","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3549"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3549"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1960717","reference_id":"1960717","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1960717"},{"reference_url":"https://security.archlinux.org/AVG-2002","reference_id":"AVG-2002","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2002"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374704?format=json","purl":"pkg:alpm/archlinux/binutils@2.37-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.37-1"}],"aliases":["CVE-2021-3549"],"risk_score":2.8,"exploitability":"0.5","weighted_severity":"5.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uv5p-15z7-fqcn"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.37-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373275?format=json","purl":"pkg:alpm/archlinux/binutils@2.38-1","type":"alpm","namespace":"archlinux","name":"binutils","version":"2.38-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47230?format=json","vulnerability_id":"VCID-4uea-bxbr-2kdz","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3530.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3530.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3530","reference_id":"","reference_type":"","scores":[{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57639","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5775","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57791","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.5777","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57724","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57745","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57719","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57774","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00354","scoring_system":"epss","scoring_elements":"0.57776","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3530"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3530","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3530"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956423","reference_id":"1956423","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1956423"},{"reference_url":"https://security.archlinux.org/AVG-1540","reference_id":"AVG-1540","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1540"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-30"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373275?format=json","purl":"pkg:alpm/archlinux/binutils@2.38-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1"}],"aliases":["CVE-2021-3530"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4uea-bxbr-2kdz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80238?format=json","vulnerability_id":"VCID-cafq-79j3-uue5","summary":"binutils: infinite loop while demangling rust symbols","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3648.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3648.json"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982320","reference_id":"1982320","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1982320"},{"reference_url":"https://security.archlinux.org/AVG-1540","reference_id":"AVG-1540","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1540"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373275?format=json","purl":"pkg:alpm/archlinux/binutils@2.38-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1"}],"aliases":["CVE-2021-3648"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cafq-79j3-uue5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47232?format=json","vulnerability_id":"VCID-znqk-35mz-dqfk","summary":"Multiple vulnerabilities have been discovered in Binutils, the worst of which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20197.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-20197.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20197","reference_id":"","reference_type":"","scores":[{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30284","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30186","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30313","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30177","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30238","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30272","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00115","scoring_system":"epss","scoring_elements":"0.30232","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-20197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20197"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913743","reference_id":"1913743","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1913743"},{"reference_url":"https://security.archlinux.org/AVG-1540","reference_id":"AVG-1540","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1540"},{"reference_url":"https://security.gentoo.org/glsa/202208-30","reference_id":"GLSA-202208-30","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/"}],"url":"https://security.gentoo.org/glsa/202208-30"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210528-0009/","reference_id":"ntap-20210528-0009","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210528-0009/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4364","reference_id":"RHSA-2021:4364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4364"},{"reference_url":"https://sourceware.org/bugzilla/show_bug.cgi?id=26945","reference_id":"show_bug.cgi?id=26945","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-12-03T15:08:08Z/"}],"url":"https://sourceware.org/bugzilla/show_bug.cgi?id=26945"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373275?format=json","purl":"pkg:alpm/archlinux/binutils@2.38-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1"}],"aliases":["CVE-2021-20197"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znqk-35mz-dqfk"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/binutils@2.38-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373175?format=json","purl":"pkg:alpm/archlinux/bitcoin-daemon@22.0-1","type":"alpm","namespace":"archlinux","name":"bitcoin-daemon","version":"22.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/257038?format=json","vulnerability_id":"VCID-573d-byea-r7cg","summary":"bitcoind in Bitcoin Core through 0.21.0 can create a new file in an arbitrary directory (e.g., outside the ~/.bitcoin directory) via a dumpwallet RPC call. NOTE: this reportedly does not violate the security model of Bitcoin Core, but can violate the security model of a fork that has implemented dumpwallet restrictions","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3195","reference_id":"","reference_type":"","scores":[{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5006","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.5001","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50048","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50076","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50026","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50074","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50091","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00266","scoring_system":"epss","scoring_elements":"0.50064","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3195"},{"reference_url":"https://security.archlinux.org/AVG-1486","reference_id":"AVG-1486","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1486"}],"fixed_packages":[],"aliases":["CVE-2021-3195"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-573d-byea-r7cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/250278?format=json","vulnerability_id":"VCID-9g6t-dcaz-1kh3","summary":"Bitcoin Core 0.12.0 through 0.21.1 does not properly implement the replacement policy specified in BIP125, which makes it easier for attackers to trigger a loss of funds, or a denial of service attack against downstream projects such as Lightning network nodes. An unconfirmed child transaction with nSequence = 0xff_ff_ff_ff, spending an unconfirmed parent with nSequence <= 0xff_ff_ff_fd, should be replaceable because there is inherited signaling by the child transaction. However, the actual PreChecks implementation does not enforce this. Instead, mempool rejects the replacement attempt of the unconfirmed child transaction.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31876","reference_id":"","reference_type":"","scores":[{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65409","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.6533","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65378","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65405","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65368","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65421","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65432","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65451","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00487","scoring_system":"epss","scoring_elements":"0.65437","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-31876"},{"reference_url":"https://security.archlinux.org/AVG-1486","reference_id":"AVG-1486","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1486"}],"fixed_packages":[],"aliases":["CVE-2021-31876"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9g6t-dcaz-1kh3"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-daemon@22.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374365?format=json","purl":"pkg:alpm/archlinux/bitcoin-qt@0.16.2-2","type":"alpm","namespace":"archlinux","name":"bitcoin-qt","version":"0.16.2-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.16.3-1","latest_non_vulnerable_version":"0.16.3-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93586?format=json","vulnerability_id":"VCID-mxhd-tkw3-vfd1","summary":"Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17144","reference_id":"","reference_type":"","scores":[{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97881","published_at":"2026-04-08T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97887","published_at":"2026-04-11T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97888","published_at":"2026-04-12T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.97957","published_at":"2026-04-01T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.9796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.97962","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-201809-1","reference_id":"ASA-201809-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-1"},{"reference_url":"https://security.archlinux.org/ASA-201809-2","reference_id":"ASA-201809-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-2"},{"reference_url":"https://security.archlinux.org/AVG-766","reference_id":"AVG-766","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-766"},{"reference_url":"https://security.archlinux.org/AVG-768","reference_id":"AVG-768","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374366?format=json","purl":"pkg:alpm/archlinux/bitcoin-qt@0.16.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-qt@0.16.3-1"}],"aliases":["CVE-2018-17144"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhd-tkw3-vfd1"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-qt@0.16.2-2"},{"url":"http://public2.vulnerablecode.io/api/packages/374366?format=json","purl":"pkg:alpm/archlinux/bitcoin-qt@0.16.3-1","type":"alpm","namespace":"archlinux","name":"bitcoin-qt","version":"0.16.3-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93586?format=json","vulnerability_id":"VCID-mxhd-tkw3-vfd1","summary":"Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17144","reference_id":"","reference_type":"","scores":[{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97881","published_at":"2026-04-08T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97887","published_at":"2026-04-11T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97888","published_at":"2026-04-12T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.97957","published_at":"2026-04-01T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.9796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.97962","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-201809-1","reference_id":"ASA-201809-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-1"},{"reference_url":"https://security.archlinux.org/ASA-201809-2","reference_id":"ASA-201809-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-2"},{"reference_url":"https://security.archlinux.org/AVG-766","reference_id":"AVG-766","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-766"},{"reference_url":"https://security.archlinux.org/AVG-768","reference_id":"AVG-768","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374366?format=json","purl":"pkg:alpm/archlinux/bitcoin-qt@0.16.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-qt@0.16.3-1"}],"aliases":["CVE-2018-17144"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhd-tkw3-vfd1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-qt@0.16.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374363?format=json","purl":"pkg:alpm/archlinux/bitcoin-tx@0.16.2-2","type":"alpm","namespace":"archlinux","name":"bitcoin-tx","version":"0.16.2-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"0.16.3-1","latest_non_vulnerable_version":"0.16.3-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93586?format=json","vulnerability_id":"VCID-mxhd-tkw3-vfd1","summary":"Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17144","reference_id":"","reference_type":"","scores":[{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97881","published_at":"2026-04-08T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97887","published_at":"2026-04-11T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97888","published_at":"2026-04-12T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.97957","published_at":"2026-04-01T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.9796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.97962","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-201809-1","reference_id":"ASA-201809-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-1"},{"reference_url":"https://security.archlinux.org/ASA-201809-2","reference_id":"ASA-201809-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-2"},{"reference_url":"https://security.archlinux.org/AVG-766","reference_id":"AVG-766","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-766"},{"reference_url":"https://security.archlinux.org/AVG-768","reference_id":"AVG-768","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374364?format=json","purl":"pkg:alpm/archlinux/bitcoin-tx@0.16.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-tx@0.16.3-1"}],"aliases":["CVE-2018-17144"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhd-tkw3-vfd1"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-tx@0.16.2-2"},{"url":"http://public2.vulnerablecode.io/api/packages/374364?format=json","purl":"pkg:alpm/archlinux/bitcoin-tx@0.16.3-1","type":"alpm","namespace":"archlinux","name":"bitcoin-tx","version":"0.16.3-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93586?format=json","vulnerability_id":"VCID-mxhd-tkw3-vfd1","summary":"Bitcoin Core 0.14.x before 0.14.3, 0.15.x before 0.15.2, and 0.16.x before 0.16.3 and Bitcoin Knots 0.14.x through 0.16.x before 0.16.3 allow a remote denial of service (application crash) exploitable by miners via duplicate input. An attacker can make bitcoind or Bitcoin-Qt crash.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17144","reference_id":"","reference_type":"","scores":[{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97889","published_at":"2026-04-13T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97877","published_at":"2026-04-07T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97881","published_at":"2026-04-08T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97884","published_at":"2026-04-09T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97887","published_at":"2026-04-11T12:55:00Z"},{"value":"0.51467","scoring_system":"epss","scoring_elements":"0.97888","published_at":"2026-04-12T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.97957","published_at":"2026-04-01T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.9796","published_at":"2026-04-02T12:55:00Z"},{"value":"0.53268","scoring_system":"epss","scoring_elements":"0.97962","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17144"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17144"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.archlinux.org/ASA-201809-1","reference_id":"ASA-201809-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-1"},{"reference_url":"https://security.archlinux.org/ASA-201809-2","reference_id":"ASA-201809-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201809-2"},{"reference_url":"https://security.archlinux.org/AVG-766","reference_id":"AVG-766","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-766"},{"reference_url":"https://security.archlinux.org/AVG-768","reference_id":"AVG-768","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-768"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374364?format=json","purl":"pkg:alpm/archlinux/bitcoin-tx@0.16.3-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-tx@0.16.3-1"}],"aliases":["CVE-2018-17144"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mxhd-tkw3-vfd1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bitcoin-tx@0.16.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/370922?format=json","purl":"pkg:alpm/archlinux/blender@17:3.0.1-6","type":"alpm","namespace":"archlinux","name":"blender","version":"17:3.0.1-6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"17:3.1.0-1","latest_non_vulnerable_version":"17:3.1.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37518?format=json","vulnerability_id":"VCID-3feg-t1sc-puhk","summary":"Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0546","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66082","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66116","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66079","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66178","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66165","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66121","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546"},{"reference_url":"https://security.archlinux.org/AVG-2799","reference_id":"AVG-2799","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2799"},{"reference_url":"https://security.gentoo.org/glsa/202403-02","reference_id":"GLSA-202403-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202403-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/370923?format=json","purl":"pkg:alpm/archlinux/blender@17:3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1"}],"aliases":["CVE-2022-0546"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3feg-t1sc-puhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37515?format=json","vulnerability_id":"VCID-anrz-grzm-bued","summary":"Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0545","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5913","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.5916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59063","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59188","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59208","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59175","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59136","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546"},{"reference_url":"https://security.archlinux.org/AVG-2799","reference_id":"AVG-2799","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2799"},{"reference_url":"https://security.gentoo.org/glsa/202403-02","reference_id":"GLSA-202403-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202403-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/370923?format=json","purl":"pkg:alpm/archlinux/blender@17:3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1"}],"aliases":["CVE-2022-0545"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anrz-grzm-bued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37511?format=json","vulnerability_id":"VCID-qsqj-j8s1-6qfq","summary":"Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0544","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33811","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34149","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34181","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34041","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34113","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34014","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546"},{"reference_url":"https://security.archlinux.org/AVG-2799","reference_id":"AVG-2799","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2799"},{"reference_url":"https://security.gentoo.org/glsa/202403-02","reference_id":"GLSA-202403-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202403-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/370923?format=json","purl":"pkg:alpm/archlinux/blender@17:3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1"}],"aliases":["CVE-2022-0544"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsqj-j8s1-6qfq"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.0.1-6"},{"url":"http://public2.vulnerablecode.io/api/packages/370923?format=json","purl":"pkg:alpm/archlinux/blender@17:3.1.0-1","type":"alpm","namespace":"archlinux","name":"blender","version":"17:3.1.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37518?format=json","vulnerability_id":"VCID-3feg-t1sc-puhk","summary":"Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0546","reference_id":"","reference_type":"","scores":[{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66082","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00503","scoring_system":"epss","scoring_elements":"0.66112","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66148","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66116","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66079","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66178","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66197","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66165","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00504","scoring_system":"epss","scoring_elements":"0.66121","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546"},{"reference_url":"https://security.archlinux.org/AVG-2799","reference_id":"AVG-2799","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2799"},{"reference_url":"https://security.gentoo.org/glsa/202403-02","reference_id":"GLSA-202403-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202403-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/370923?format=json","purl":"pkg:alpm/archlinux/blender@17:3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1"}],"aliases":["CVE-2022-0546"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3feg-t1sc-puhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37515?format=json","vulnerability_id":"VCID-anrz-grzm-bued","summary":"Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0545","reference_id":"","reference_type":"","scores":[{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.59111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00375","scoring_system":"epss","scoring_elements":"0.5913","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.5916","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59063","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59188","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59208","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59175","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00376","scoring_system":"epss","scoring_elements":"0.59136","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546"},{"reference_url":"https://security.archlinux.org/AVG-2799","reference_id":"AVG-2799","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2799"},{"reference_url":"https://security.gentoo.org/glsa/202403-02","reference_id":"GLSA-202403-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202403-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/370923?format=json","purl":"pkg:alpm/archlinux/blender@17:3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1"}],"aliases":["CVE-2022-0545"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-anrz-grzm-bued"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37511?format=json","vulnerability_id":"VCID-qsqj-j8s1-6qfq","summary":"Multiple vulnerabilities have been discovered in Blender, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0544","reference_id":"","reference_type":"","scores":[{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33991","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.33811","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34149","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34181","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34041","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34113","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00139","scoring_system":"epss","scoring_elements":"0.34014","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-0544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0545"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0546"},{"reference_url":"https://security.archlinux.org/AVG-2799","reference_id":"AVG-2799","reference_type":"","scores":[{"value":"Unknown","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2799"},{"reference_url":"https://security.gentoo.org/glsa/202403-02","reference_id":"GLSA-202403-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202403-02"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/370923?format=json","purl":"pkg:alpm/archlinux/blender@17:3.1.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1"}],"aliases":["CVE-2022-0544"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qsqj-j8s1-6qfq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blender@17:3.1.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372274?format=json","purl":"pkg:alpm/archlinux/blueman@2.1.3-1","type":"alpm","namespace":"archlinux","name":"blueman","version":"2.1.3-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.1.4-1","latest_non_vulnerable_version":"2.1.4-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62553?format=json","vulnerability_id":"VCID-jgqj-mqt7-vucy","summary":"A privilege escalation vulnerability has been discovered in\n    Blueman.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15238","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63616","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63676","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63702","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63662","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63714","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.6373","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63745","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63731","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973718","reference_id":"973718","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973718"},{"reference_url":"https://security.archlinux.org/ASA-202012-12","reference_id":"ASA-202012-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-12"},{"reference_url":"https://security.archlinux.org/AVG-1259","reference_id":"AVG-1259","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1259"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48963.txt","reference_id":"CVE-2020-15238","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48963.txt"},{"reference_url":"https://security.gentoo.org/glsa/202011-11","reference_id":"GLSA-202011-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202011-11"},{"reference_url":"https://usn.ubuntu.com/4605-1/","reference_id":"USN-4605-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4605-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372275?format=json","purl":"pkg:alpm/archlinux/blueman@2.1.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blueman@2.1.4-1"}],"aliases":["CVE-2020-15238"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgqj-mqt7-vucy"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blueman@2.1.3-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372275?format=json","purl":"pkg:alpm/archlinux/blueman@2.1.4-1","type":"alpm","namespace":"archlinux","name":"blueman","version":"2.1.4-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62553?format=json","vulnerability_id":"VCID-jgqj-mqt7-vucy","summary":"A privilege escalation vulnerability has been discovered in\n    Blueman.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15238","reference_id":"","reference_type":"","scores":[{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63697","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63616","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63676","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63702","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63662","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63714","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.6373","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63745","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00451","scoring_system":"epss","scoring_elements":"0.63731","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-15238"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15238"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973718","reference_id":"973718","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973718"},{"reference_url":"https://security.archlinux.org/ASA-202012-12","reference_id":"ASA-202012-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202012-12"},{"reference_url":"https://security.archlinux.org/AVG-1259","reference_id":"AVG-1259","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1259"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48963.txt","reference_id":"CVE-2020-15238","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/48963.txt"},{"reference_url":"https://security.gentoo.org/glsa/202011-11","reference_id":"GLSA-202011-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202011-11"},{"reference_url":"https://usn.ubuntu.com/4605-1/","reference_id":"USN-4605-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4605-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372275?format=json","purl":"pkg:alpm/archlinux/blueman@2.1.4-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blueman@2.1.4-1"}],"aliases":["CVE-2020-15238"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jgqj-mqt7-vucy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/blueman@2.1.4-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372930?format=json","purl":"pkg:alpm/archlinux/bluez@5.46-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.46-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.46-2","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63536?format=json","vulnerability_id":"VCID-yrc6-qjud-zqaf","summary":"security update","references":[{"reference_url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","reference_id":"","reference_type":"","scores":[],"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000250.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000250.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2017-1000250","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2017-1000250"},{"reference_url":"https://access.redhat.com/security/vulnerabilities/blueborne","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/vulnerabilities/blueborne"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000250","reference_id":"","reference_type":"","scores":[{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97124","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97153","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97147","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97152","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.9713","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.armis.com/blueborne","reference_id":"","reference_type":"","scores":[],"url":"https://www.armis.com/blueborne"},{"reference_url":"https://www.kb.cert.org/vuls/id/240311","reference_id":"","reference_type":"","scores":[],"url":"https://www.kb.cert.org/vuls/id/240311"},{"reference_url":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"},{"reference_url":"http://www.debian.org/security/2017/dsa-3972","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3972"},{"reference_url":"http://www.securityfocus.com/bid/100814","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100814"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489446","reference_id":"1489446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633","reference_id":"875633","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633"},{"reference_url":"https://security.archlinux.org/ASA-201709-3","reference_id":"ASA-201709-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201709-3"},{"reference_url":"https://security.archlinux.org/AVG-396","reference_id":"AVG-396","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-396"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000250","reference_id":"CVE-2017-1000250","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2685","reference_id":"RHSA-2017:2685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2685"},{"reference_url":"https://usn.ubuntu.com/3413-1/","reference_id":"USN-3413-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3413-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372931?format=json","purl":"pkg:alpm/archlinux/bluez@5.46-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.46-2"}],"aliases":["CVE-2017-1000250"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrc6-qjud-zqaf"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.46-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372931?format=json","purl":"pkg:alpm/archlinux/bluez@5.46-2","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.46-2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.54-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63536?format=json","vulnerability_id":"VCID-yrc6-qjud-zqaf","summary":"security update","references":[{"reference_url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561","reference_id":"","reference_type":"","scores":[],"url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000250.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000250.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2017-1000250","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/CVE-2017-1000250"},{"reference_url":"https://access.redhat.com/security/vulnerabilities/blueborne","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/vulnerabilities/blueborne"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000250","reference_id":"","reference_type":"","scores":[{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97124","published_at":"2026-04-01T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97153","published_at":"2026-04-13T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97136","published_at":"2026-04-04T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97147","published_at":"2026-04-09T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97151","published_at":"2026-04-11T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.97152","published_at":"2026-04-12T12:55:00Z"},{"value":"0.36932","scoring_system":"epss","scoring_elements":"0.9713","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000250"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"},{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.armis.com/blueborne","reference_id":"","reference_type":"","scores":[],"url":"https://www.armis.com/blueborne"},{"reference_url":"https://www.kb.cert.org/vuls/id/240311","reference_id":"","reference_type":"","scores":[],"url":"https://www.kb.cert.org/vuls/id/240311"},{"reference_url":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne","reference_id":"","reference_type":"","scores":[],"url":"https://www.synology.com/support/security/Synology_SA_17_52_BlueBorne"},{"reference_url":"http://www.debian.org/security/2017/dsa-3972","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3972"},{"reference_url":"http://www.securityfocus.com/bid/100814","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/100814"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489446","reference_id":"1489446","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1489446"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633","reference_id":"875633","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=875633"},{"reference_url":"https://security.archlinux.org/ASA-201709-3","reference_id":"ASA-201709-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201709-3"},{"reference_url":"https://security.archlinux.org/AVG-396","reference_id":"AVG-396","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-396"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000250","reference_id":"CVE-2017-1000250","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:P/I:N/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-1000250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2685","reference_id":"RHSA-2017:2685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2685"},{"reference_url":"https://usn.ubuntu.com/3413-1/","reference_id":"USN-3413-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3413-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372931?format=json","purl":"pkg:alpm/archlinux/bluez@5.46-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.46-2"}],"aliases":["CVE-2017-1000250"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yrc6-qjud-zqaf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.46-2"},{"url":"http://public2.vulnerablecode.io/api/packages/372415?format=json","purl":"pkg:alpm/archlinux/bluez@5.53-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.53-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.54-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62350?format=json","vulnerability_id":"VCID-zyyf-565p-h7d6","summary":"A vulnerability in BlueZ might allow remote attackers to bypass\n    security restrictions.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0556.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0556.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0556","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36955","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37002","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37041","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37053","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37029","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.3716","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.3699","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html"},{"reference_url":"https://www.debian.org/security/2020/dsa-4647","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4647"},{"reference_url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1814293","reference_id":"1814293","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1814293"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770","reference_id":"953770","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770"},{"reference_url":"https://security.archlinux.org/ASA-202003-13","reference_id":"ASA-202003-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202003-13"},{"reference_url":"https://security.archlinux.org/AVG-1116","reference_id":"AVG-1116","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1116"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0556","reference_id":"CVE-2020-0556","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0556"},{"reference_url":"https://security.gentoo.org/glsa/202003-49","reference_id":"GLSA-202003-49","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4001","reference_id":"RHSA-2020:4001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4481","reference_id":"RHSA-2020:4481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4481"},{"reference_url":"https://usn.ubuntu.com/4311-1/","reference_id":"USN-4311-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4311-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372416?format=json","purl":"pkg:alpm/archlinux/bluez@5.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.54-1"}],"aliases":["CVE-2020-0556"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyf-565p-h7d6"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.53-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372416?format=json","purl":"pkg:alpm/archlinux/bluez@5.54-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.54-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.56-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62350?format=json","vulnerability_id":"VCID-zyyf-565p-h7d6","summary":"A vulnerability in BlueZ might allow remote attackers to bypass\n    security restrictions.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00055.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0556.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-0556.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0556","reference_id":"","reference_type":"","scores":[{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.36955","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37002","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37041","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37053","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37063","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37029","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.37128","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.3716","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00161","scoring_system":"epss","scoring_elements":"0.3699","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-0556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0556"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/06/msg00008.html"},{"reference_url":"https://www.debian.org/security/2020/dsa-4647","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4647"},{"reference_url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00352.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1814293","reference_id":"1814293","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1814293"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770","reference_id":"953770","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953770"},{"reference_url":"https://security.archlinux.org/ASA-202003-13","reference_id":"ASA-202003-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202003-13"},{"reference_url":"https://security.archlinux.org/AVG-1116","reference_id":"AVG-1116","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1116"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bluez:bluez:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0556","reference_id":"CVE-2020-0556","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:A/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-0556"},{"reference_url":"https://security.gentoo.org/glsa/202003-49","reference_id":"GLSA-202003-49","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-49"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4001","reference_id":"RHSA-2020:4001","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4001"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4481","reference_id":"RHSA-2020:4481","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4481"},{"reference_url":"https://usn.ubuntu.com/4311-1/","reference_id":"USN-4311-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4311-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372416?format=json","purl":"pkg:alpm/archlinux/bluez@5.54-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.54-1"}],"aliases":["CVE-2020-0556"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zyyf-565p-h7d6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.54-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373698?format=json","purl":"pkg:alpm/archlinux/bluez@5.55-3","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.55-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.56-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62512?format=json","vulnerability_id":"VCID-6d8c-y2y7-t3cj","summary":"Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3588.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3588.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3588","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31148","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31226","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31182","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31317","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3119","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31221","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970592","reference_id":"1970592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970592"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700","reference_id":"989700","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700"},{"reference_url":"https://security.archlinux.org/AVG-2061","reference_id":"AVG-2061","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2061"},{"reference_url":"https://security.gentoo.org/glsa/202209-16","reference_id":"GLSA-202209-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-16"},{"reference_url":"https://usn.ubuntu.com/4989-1/","reference_id":"USN-4989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373699?format=json","purl":"pkg:alpm/archlinux/bluez@5.56-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.56-1"}],"aliases":["CVE-2021-3588"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d8c-y2y7-t3cj"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.55-3"},{"url":"http://public2.vulnerablecode.io/api/packages/373699?format=json","purl":"pkg:alpm/archlinux/bluez@5.56-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.56-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.57-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62512?format=json","vulnerability_id":"VCID-6d8c-y2y7-t3cj","summary":"Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3588.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3588.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3588","reference_id":"","reference_type":"","scores":[{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31148","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31139","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31226","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31182","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31276","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31317","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31137","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.3119","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00121","scoring_system":"epss","scoring_elements":"0.31221","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3588"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3588"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970592","reference_id":"1970592","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1970592"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700","reference_id":"989700","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989700"},{"reference_url":"https://security.archlinux.org/AVG-2061","reference_id":"AVG-2061","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2061"},{"reference_url":"https://security.gentoo.org/glsa/202209-16","reference_id":"GLSA-202209-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-16"},{"reference_url":"https://usn.ubuntu.com/4989-1/","reference_id":"USN-4989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4989-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373699?format=json","purl":"pkg:alpm/archlinux/bluez@5.56-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.56-1"}],"aliases":["CVE-2021-3588"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6d8c-y2y7-t3cj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.56-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373703?format=json","purl":"pkg:alpm/archlinux/bluez@5.56-2","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.56-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.57-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62510?format=json","vulnerability_id":"VCID-ctaf-8vuf-tqgg","summary":"Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26558.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26558.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26558","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06206","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06312","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06337","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06329","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06324","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0624","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06271","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0625","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06296","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1918602","reference_id":"1918602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1918602"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614","reference_id":"989614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614"},{"reference_url":"https://security.archlinux.org/AVG-2049","reference_id":"AVG-2049","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2049"},{"reference_url":"https://security.archlinux.org/AVG-2050","reference_id":"AVG-2050","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2050"},{"reference_url":"https://security.gentoo.org/glsa/202209-16","reference_id":"GLSA-202209-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4432","reference_id":"RHSA-2021:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4432"},{"reference_url":"https://usn.ubuntu.com/4989-1/","reference_id":"USN-4989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4989-1/"},{"reference_url":"https://usn.ubuntu.com/4989-2/","reference_id":"USN-4989-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4989-2/"},{"reference_url":"https://usn.ubuntu.com/5017-1/","reference_id":"USN-5017-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5017-1/"},{"reference_url":"https://usn.ubuntu.com/5018-1/","reference_id":"USN-5018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5018-1/"},{"reference_url":"https://usn.ubuntu.com/5046-1/","reference_id":"USN-5046-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5046-1/"},{"reference_url":"https://usn.ubuntu.com/5050-1/","reference_id":"USN-5050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5050-1/"},{"reference_url":"https://usn.ubuntu.com/5299-1/","reference_id":"USN-5299-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5299-1/"},{"reference_url":"https://usn.ubuntu.com/5343-1/","reference_id":"USN-5343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373704?format=json","purl":"pkg:alpm/archlinux/bluez@5.57-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.57-1"}],"aliases":["CVE-2020-26558"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctaf-8vuf-tqgg"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.56-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373704?format=json","purl":"pkg:alpm/archlinux/bluez@5.57-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.57-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.61-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62510?format=json","vulnerability_id":"VCID-ctaf-8vuf-tqgg","summary":"Multiple vulnerabilities have been discovered in BlueZ, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26558.json","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-26558.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26558","reference_id":"","reference_type":"","scores":[{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06206","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06312","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06337","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06329","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06324","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0624","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06271","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.0625","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00023","scoring_system":"epss","scoring_elements":"0.06296","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-26558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26558"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27153"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0129"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1918602","reference_id":"1918602","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1918602"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614","reference_id":"989614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989614"},{"reference_url":"https://security.archlinux.org/AVG-2049","reference_id":"AVG-2049","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2049"},{"reference_url":"https://security.archlinux.org/AVG-2050","reference_id":"AVG-2050","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2050"},{"reference_url":"https://security.gentoo.org/glsa/202209-16","reference_id":"GLSA-202209-16","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202209-16"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4432","reference_id":"RHSA-2021:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4432"},{"reference_url":"https://usn.ubuntu.com/4989-1/","reference_id":"USN-4989-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4989-1/"},{"reference_url":"https://usn.ubuntu.com/4989-2/","reference_id":"USN-4989-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4989-2/"},{"reference_url":"https://usn.ubuntu.com/5017-1/","reference_id":"USN-5017-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5017-1/"},{"reference_url":"https://usn.ubuntu.com/5018-1/","reference_id":"USN-5018-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5018-1/"},{"reference_url":"https://usn.ubuntu.com/5046-1/","reference_id":"USN-5046-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5046-1/"},{"reference_url":"https://usn.ubuntu.com/5050-1/","reference_id":"USN-5050-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5050-1/"},{"reference_url":"https://usn.ubuntu.com/5299-1/","reference_id":"USN-5299-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5299-1/"},{"reference_url":"https://usn.ubuntu.com/5343-1/","reference_id":"USN-5343-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5343-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373704?format=json","purl":"pkg:alpm/archlinux/bluez@5.57-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.57-1"}],"aliases":["CVE-2020-26558"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ctaf-8vuf-tqgg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.57-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374767?format=json","purl":"pkg:alpm/archlinux/bluez@5.60-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.60-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.61-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80129?format=json","vulnerability_id":"VCID-15pa-mh4x-13ch","summary":"bluez: adapter incorrectly restores Discoverable state after powered down","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3658.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3658","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22114","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22155","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22256","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22215","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22183","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22237","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984728","reference_id":"1984728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984728"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991596","reference_id":"991596","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991596"},{"reference_url":"https://security.archlinux.org/AVG-2231","reference_id":"AVG-2231","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2231"},{"reference_url":"https://usn.ubuntu.com/5155-1/","reference_id":"USN-5155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5155-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374768?format=json","purl":"pkg:alpm/archlinux/bluez@5.61-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.61-1"}],"aliases":["CVE-2021-3658"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15pa-mh4x-13ch"}],"fixing_vulnerabilities":[],"risk_score":"2.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.60-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374768?format=json","purl":"pkg:alpm/archlinux/bluez@5.61-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.61-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"5.63-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80129?format=json","vulnerability_id":"VCID-15pa-mh4x-13ch","summary":"bluez: adapter incorrectly restores Discoverable state after powered down","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3658.json","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3658.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3658","reference_id":"","reference_type":"","scores":[{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22114","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22155","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22256","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22215","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22273","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22315","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22101","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22183","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00073","scoring_system":"epss","scoring_elements":"0.22237","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3658"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3658","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3658"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984728","reference_id":"1984728","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1984728"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991596","reference_id":"991596","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991596"},{"reference_url":"https://security.archlinux.org/AVG-2231","reference_id":"AVG-2231","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2231"},{"reference_url":"https://usn.ubuntu.com/5155-1/","reference_id":"USN-5155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5155-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374768?format=json","purl":"pkg:alpm/archlinux/bluez@5.61-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.61-1"}],"aliases":["CVE-2021-3658"],"risk_score":2.0,"exploitability":"0.5","weighted_severity":"4.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-15pa-mh4x-13ch"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.61-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373277?format=json","purl":"pkg:alpm/archlinux/bluez@5.62-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.62-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"5.63-1","latest_non_vulnerable_version":"5.63-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79927?format=json","vulnerability_id":"VCID-g2pd-d2mm-8fd3","summary":"bluez: memory leak in the SDP protocol","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41229.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41229.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41229","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13504","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13568","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1353","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13604","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13665","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13545","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13595","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41229"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000262","reference_id":"1000262","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2025034","reference_id":"2025034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2025034"},{"reference_url":"https://security.archlinux.org/AVG-2553","reference_id":"AVG-2553","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2081","reference_id":"RHSA-2022:2081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2081"},{"reference_url":"https://usn.ubuntu.com/5155-1/","reference_id":"USN-5155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5155-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373278?format=json","purl":"pkg:alpm/archlinux/bluez@5.63-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.63-1"}],"aliases":["CVE-2021-41229"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2pd-d2mm-8fd3"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.62-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373278?format=json","purl":"pkg:alpm/archlinux/bluez@5.63-1","type":"alpm","namespace":"archlinux","name":"bluez","version":"5.63-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/79927?format=json","vulnerability_id":"VCID-g2pd-d2mm-8fd3","summary":"bluez: memory leak in the SDP protocol","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41229.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-41229.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41229","reference_id":"","reference_type":"","scores":[{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13504","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13482","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13568","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.1353","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13604","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13665","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13545","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00044","scoring_system":"epss","scoring_elements":"0.13595","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-41229"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41229"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000262","reference_id":"1000262","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1000262"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2025034","reference_id":"2025034","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2025034"},{"reference_url":"https://security.archlinux.org/AVG-2553","reference_id":"AVG-2553","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2553"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2081","reference_id":"RHSA-2022:2081","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2081"},{"reference_url":"https://usn.ubuntu.com/5155-1/","reference_id":"USN-5155-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5155-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373278?format=json","purl":"pkg:alpm/archlinux/bluez@5.63-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.63-1"}],"aliases":["CVE-2021-41229"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g2pd-d2mm-8fd3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bluez@5.63-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374502?format=json","purl":"pkg:alpm/archlinux/botan@2.2.0-1","type":"alpm","namespace":"archlinux","name":"botan","version":"2.2.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.3.0-1","latest_non_vulnerable_version":"2.18.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167615?format=json","vulnerability_id":"VCID-8nmu-s87y-wycj","summary":"A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14737","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16227","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16293","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16096","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1628","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16341","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16141","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14737"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:P/I:N/A:N"},{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/randombit/botan/issues/1222","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/randombit/botan/issues/1222"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html"},{"reference_url":"https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai","reference_id":"","reference_type":"","scores":[],"url":"https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai"},{"reference_url":"https://security.archlinux.org/ASA-201710-17","reference_id":"ASA-201710-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-17"},{"reference_url":"https://security.archlinux.org/AVG-416","reference_id":"AVG-416","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-416"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14737","reference_id":"CVE-2017-14737","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374503?format=json","purl":"pkg:alpm/archlinux/botan@2.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.3.0-1"}],"aliases":["CVE-2017-14737"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nmu-s87y-wycj"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.2.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374503?format=json","purl":"pkg:alpm/archlinux/botan@2.3.0-1","type":"alpm","namespace":"archlinux","name":"botan","version":"2.3.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.18.2-1","latest_non_vulnerable_version":"2.18.2-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/167615?format=json","vulnerability_id":"VCID-8nmu-s87y-wycj","summary":"A cryptographic cache-based side channel in the RSA implementation in Botan before 1.10.17, and 1.11.x and 2.x before 2.3.0, allows a local attacker to recover information about RSA secret keys, as demonstrated by CacheD. This occurs because an array is indexed with bits derived from a secret key.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14737","reference_id":"","reference_type":"","scores":[{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16167","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16227","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16293","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16275","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16235","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16096","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.1628","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16341","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00052","scoring_system":"epss","scoring_elements":"0.16141","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-14737"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:H/Au:S/C:P/I:N/A:N"},{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/randombit/botan/issues/1222","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/randombit/botan/issues/1222"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2021/11/msg00006.html"},{"reference_url":"https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai","reference_id":"","reference_type":"","scores":[],"url":"https://www.usenix.org/conference/usenixsecurity17/technical-sessions/presentation/wang-shuai"},{"reference_url":"https://security.archlinux.org/ASA-201710-17","reference_id":"ASA-201710-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-17"},{"reference_url":"https://security.archlinux.org/AVG-416","reference_id":"AVG-416","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-416"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.11:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.12:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.13:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.14:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.15:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.16:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.17:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.18:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.19:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.22:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.23:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.24:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.25:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.26:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.28:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.3:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.34:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.4:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.8:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:1.11.9:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:botan_project:botan:2.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14737","reference_id":"CVE-2017-14737","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-14737"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374503?format=json","purl":"pkg:alpm/archlinux/botan@2.3.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.3.0-1"}],"aliases":["CVE-2017-14737"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8nmu-s87y-wycj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.3.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373397?format=json","purl":"pkg:alpm/archlinux/botan@2.18.1-1","type":"alpm","namespace":"archlinux","name":"botan","version":"2.18.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.18.2-1","latest_non_vulnerable_version":"2.18.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11195?format=json","vulnerability_id":"VCID-xffg-w6fz-yqfj","summary":"Use of a Broken or Risky Cryptographic Algorithm\nThe ElGamal implementation in Botan, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40529","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53325","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53242","published_at":"2026-04-01T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5326","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53312","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53307","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53341","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840","reference_id":"993840","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840"},{"reference_url":"https://security.archlinux.org/AVG-2362","reference_id":"AVG-2362","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2362"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40529","reference_id":"CVE-2021-40529","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40529"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373398?format=json","purl":"pkg:alpm/archlinux/botan@2.18.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.18.2-1"}],"aliases":["CVE-2021-40529"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xffg-w6fz-yqfj"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.18.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373398?format=json","purl":"pkg:alpm/archlinux/botan@2.18.2-1","type":"alpm","namespace":"archlinux","name":"botan","version":"2.18.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11195?format=json","vulnerability_id":"VCID-xffg-w6fz-yqfj","summary":"Use of a Broken or Risky Cryptographic Algorithm\nThe ElGamal implementation in Botan, as used in Thunderbird and other products, allows plaintext recovery because, during interaction between two cryptographic libraries, a certain dangerous combination of the prime defined by the receiver's public key, the generator defined by the receiver's public key, and the sender's ephemeral exponents can lead to a cross-configuration attack against OpenPGP.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40529","reference_id":"","reference_type":"","scores":[{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53325","published_at":"2026-04-13T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53242","published_at":"2026-04-01T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53265","published_at":"2026-04-02T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.5326","published_at":"2026-04-07T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53312","published_at":"2026-04-08T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53307","published_at":"2026-04-09T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53357","published_at":"2026-04-11T12:55:00Z"},{"value":"0.003","scoring_system":"epss","scoring_elements":"0.53341","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-40529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40529"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840","reference_id":"993840","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993840"},{"reference_url":"https://security.archlinux.org/AVG-2362","reference_id":"AVG-2362","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2362"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40529","reference_id":"CVE-2021-40529","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-40529"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373398?format=json","purl":"pkg:alpm/archlinux/botan@2.18.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.18.2-1"}],"aliases":["CVE-2021-40529"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xffg-w6fz-yqfj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/botan@2.18.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374224?format=json","purl":"pkg:alpm/archlinux/brotli@1.0.7-1","type":"alpm","namespace":"archlinux","name":"brotli","version":"1.0.7-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.0.9-1","latest_non_vulnerable_version":"1.0.9-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6142?format=json","vulnerability_id":"VCID-69ua-s6h2-3uhc","summary":"A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36846","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.6754","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67576","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67627","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.6764","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67663","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67649","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36846"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8927","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54138","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54146","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54185","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54135","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54086","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54112","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54083","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54065","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bitemyapp/brotli2-rs","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bitemyapp/brotli2-rs"},{"reference_url":"https://github.com/bitemyapp/brotli2-rs/issues/45","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bitemyapp/brotli2-rs/issues/45"},{"reference_url":"https://github.com/github/advisory-database/issues/785","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/issues/785"},{"reference_url":"https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"},{"reference_url":"https://github.com/google/brotli/releases/tag/v1.0.8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/releases/tag/v1.0.8"},{"reference_url":"https://github.com/google/brotli/releases/tag/v1.0.9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/releases/tag/v1.0.9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8927"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0131.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0131.html"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0132.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0132.html"},{"reference_url":"https://usn.ubuntu.com/4568-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4568-1"},{"reference_url":"https://usn.ubuntu.com/4568-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4568-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4801","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879225","reference_id":"1879225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879225"},{"reference_url":"https://github.com/google/brotli/pull/826","reference_id":"826","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://github.com/google/brotli/pull/826"},{"reference_url":"https://security.archlinux.org/ASA-202009-12","reference_id":"ASA-202009-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-12"},{"reference_url":"https://security.archlinux.org/ASA-202009-13","reference_id":"ASA-202009-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-13"},{"reference_url":"https://security.archlinux.org/AVG-1230","reference_id":"AVG-1230","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1230"},{"reference_url":"https://security.archlinux.org/AVG-1231","reference_id":"AVG-1231","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1231"},{"reference_url":"https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52","reference_id":"Changes#L52","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52"},{"reference_url":"https://github.com/advisories/GHSA-5v8v-66v8-mwm7","reference_id":"GHSA-5v8v-66v8-mwm7","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1702","reference_id":"RHSA-2021:1702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0827","reference_id":"RHSA-2022:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0828","reference_id":"RHSA-2022:0828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0829","reference_id":"RHSA-2022:0829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0830","reference_id":"RHSA-2022:0830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0830"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374225?format=json","purl":"pkg:alpm/archlinux/brotli@1.0.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/brotli@1.0.9-1"}],"aliases":["BIT-brotli-2020-8927","BIT-dotnet-2020-8927","BIT-dotnet-sdk-2020-8927","BIT-powershell-2020-8927","CVE-2020-36846","CVE-2020-8927","GHSA-5v8v-66v8-mwm7","GO-2025-3726","PYSEC-2020-29","RUSTSEC-2021-0131","RUSTSEC-2021-0132"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69ua-s6h2-3uhc"}],"fixing_vulnerabilities":[],"risk_score":"4.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/brotli@1.0.7-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374225?format=json","purl":"pkg:alpm/archlinux/brotli@1.0.9-1","type":"alpm","namespace":"archlinux","name":"brotli","version":"1.0.9-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6142?format=json","vulnerability_id":"VCID-69ua-s6h2-3uhc","summary":"A buffer overflow exists in the Brotli library versions prior to 1.0.8 where an attacker controlling the input length of a \"one-shot\" decompression request to a script can trigger a crash, which happens when copying over chunks of data larger than 2 GiB. It is recommended to update your Brotli library to 1.0.8 or later. If one cannot update, we recommend to use the \"streaming\" API as opposed to the \"one-shot\" API, and impose chunk size limits.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2020-09/msg00108.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8927.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36846","reference_id":"","reference_type":"","scores":[{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67617","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.6754","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67576","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67627","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67598","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.6764","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67663","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0054","scoring_system":"epss","scoring_elements":"0.67649","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36846"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8927","reference_id":"","reference_type":"","scores":[{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54138","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54146","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54167","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54185","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54135","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54086","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54112","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54083","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0031","scoring_system":"epss","scoring_elements":"0.54065","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8927"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8927"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/bitemyapp/brotli2-rs","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bitemyapp/brotli2-rs"},{"reference_url":"https://github.com/bitemyapp/brotli2-rs/issues/45","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/bitemyapp/brotli2-rs/issues/45"},{"reference_url":"https://github.com/github/advisory-database/issues/785","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/github/advisory-database/issues/785"},{"reference_url":"https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://github.com/google/brotli/commit/223d80cfbec8fd346e32906c732c8ede21f0cea6"},{"reference_url":"https://github.com/google/brotli/releases/tag/v1.0.8","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/releases/tag/v1.0.8"},{"reference_url":"https://github.com/google/brotli/releases/tag/v1.0.9","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/google/brotli/releases/tag/v1.0.9"},{"reference_url":"https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/pypa/advisory-database/tree/main/vulns/brotli/PYSEC-2020-29.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.debian.org/debian-lts-announce/2020/12/msg00003.html"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/356JOYTWW4BWSZ42SEFLV7NYHL3S3AEH/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TOGTZ2ZWDH662ZNFFSZVL3M5AJXV6JF"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J4E265WKWKYMK2RYYSIXBEGZTDY5IQE6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M4VCDOJGL6BK3HB4XRD2WETBPYX2ITF6/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MMBKACMLSRX7JJSKBTR35UOEP2WFR6QP/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MQLM7ABVCYJLF6JRPF3M3EBXW63GNC27"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W23CUADGMVMQQNFKHPHXVP7RPZJZNN6I/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WW62OZEY2GHJL4JCOLJRBSRETXDHMWRK/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZXEQ3GQVELA2T4HNZG7VPMS2HDVXMJRG"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8927","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8927"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0131.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0131.html"},{"reference_url":"https://rustsec.org/advisories/RUSTSEC-2021-0132.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://rustsec.org/advisories/RUSTSEC-2021-0132.html"},{"reference_url":"https://usn.ubuntu.com/4568-1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://usn.ubuntu.com/4568-1"},{"reference_url":"https://usn.ubuntu.com/4568-1/","reference_id":"","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4568-1/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4801","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L"},{"value":"6.9","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.debian.org/security/2020/dsa-4801"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879225","reference_id":"1879225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1879225"},{"reference_url":"https://github.com/google/brotli/pull/826","reference_id":"826","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://github.com/google/brotli/pull/826"},{"reference_url":"https://security.archlinux.org/ASA-202009-12","reference_id":"ASA-202009-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-12"},{"reference_url":"https://security.archlinux.org/ASA-202009-13","reference_id":"ASA-202009-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-13"},{"reference_url":"https://security.archlinux.org/AVG-1230","reference_id":"AVG-1230","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1230"},{"reference_url":"https://security.archlinux.org/AVG-1231","reference_id":"AVG-1231","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1231"},{"reference_url":"https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52","reference_id":"Changes#L52","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://github.com/timlegge/perl-IO-Compress-Brotli/blob/8b44c83b23bb4658179e1494af4b725a1bc476bc/Changes#L52"},{"reference_url":"https://github.com/advisories/GHSA-5v8v-66v8-mwm7","reference_id":"GHSA-5v8v-66v8-mwm7","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-05-30T14:40:47Z/"}],"url":"https://github.com/advisories/GHSA-5v8v-66v8-mwm7"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1702","reference_id":"RHSA-2021:1702","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1702"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0827","reference_id":"RHSA-2022:0827","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0827"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0828","reference_id":"RHSA-2022:0828","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0828"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0829","reference_id":"RHSA-2022:0829","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0829"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0830","reference_id":"RHSA-2022:0830","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0830"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374225?format=json","purl":"pkg:alpm/archlinux/brotli@1.0.9-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/brotli@1.0.9-1"}],"aliases":["BIT-brotli-2020-8927","BIT-dotnet-2020-8927","BIT-dotnet-sdk-2020-8927","BIT-powershell-2020-8927","CVE-2020-36846","CVE-2020-8927","GHSA-5v8v-66v8-mwm7","GO-2025-3726","PYSEC-2020-29","RUSTSEC-2021-0131","RUSTSEC-2021-0132"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-69ua-s6h2-3uhc"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/brotli@1.0.9-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372869?format=json","purl":"pkg:alpm/archlinux/busybox@1.27.2-1","type":"alpm","namespace":"archlinux","name":"busybox","version":"1.27.2-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.28.1-1","latest_non_vulnerable_version":"1.34.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47306?format=json","vulnerability_id":"VCID-dktd-xqjr-h7h1","summary":"Multiple vulnerabilities have been found in BusyBox, the worst of\n    which could allow remote attackers to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16544","reference_id":"","reference_type":"","scores":[{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87206","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87229","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87256","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87263","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87258","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Mar/15","reference_id":"15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2020/Mar/15"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515713","reference_id":"1515713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515713"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Aug/20","reference_id":"20","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2020/Aug/20"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Aug/21","reference_id":"21","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Aug/21"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Jan/39","reference_id":"39","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Jan/39"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Sep/6","reference_id":"6","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2020/Sep/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258","reference_id":"882258","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258"},{"reference_url":"https://security.archlinux.org/ASA-201803-1","reference_id":"ASA-201803-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-1"},{"reference_url":"https://security.archlinux.org/ASA-201803-2","reference_id":"ASA-201803-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-2"},{"reference_url":"https://security.archlinux.org/AVG-512","reference_id":"AVG-512","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-512"},{"reference_url":"https://security.archlinux.org/AVG-514","reference_id":"AVG-514","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-514"},{"reference_url":"https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/","reference_id":"cve-2017-16544-busybox-autocompletion-vulnerability","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"},{"reference_url":"https://security.gentoo.org/glsa/201803-12","reference_id":"GLSA-201803-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-12"},{"reference_url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01","reference_id":"icsa-20-240-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"},{"reference_url":"https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8","reference_id":"?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"},{"reference_url":"https://usn.ubuntu.com/3935-1/","reference_id":"USN-3935-1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"https://usn.ubuntu.com/3935-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372870?format=json","purl":"pkg:alpm/archlinux/busybox@1.28.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.28.1-1"}],"aliases":["CVE-2017-16544"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dktd-xqjr-h7h1"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.27.2-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372870?format=json","purl":"pkg:alpm/archlinux/busybox@1.28.1-1","type":"alpm","namespace":"archlinux","name":"busybox","version":"1.28.1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.32.1-4","latest_non_vulnerable_version":"1.34.1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47306?format=json","vulnerability_id":"VCID-dktd-xqjr-h7h1","summary":"Multiple vulnerabilities have been found in BusyBox, the worst of\n    which could allow remote attackers to execute arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-16544.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16544","reference_id":"","reference_type":"","scores":[{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87216","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87206","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87232","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87229","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87249","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87256","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87268","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87263","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03313","scoring_system":"epss","scoring_elements":"0.87258","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16544"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16544"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.9","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:C/I:C/A:C"},{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Mar/15","reference_id":"15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2020/Mar/15"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515713","reference_id":"1515713","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1515713"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Aug/20","reference_id":"20","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2020/Aug/20"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Aug/21","reference_id":"21","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Aug/21"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Jan/39","reference_id":"39","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2021/Jan/39"},{"reference_url":"http://seclists.org/fulldisclosure/2020/Sep/6","reference_id":"6","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"http://seclists.org/fulldisclosure/2020/Sep/6"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258","reference_id":"882258","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=882258"},{"reference_url":"https://security.archlinux.org/ASA-201803-1","reference_id":"ASA-201803-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-1"},{"reference_url":"https://security.archlinux.org/ASA-201803-2","reference_id":"ASA-201803-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-2"},{"reference_url":"https://security.archlinux.org/AVG-512","reference_id":"AVG-512","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-512"},{"reference_url":"https://security.archlinux.org/AVG-514","reference_id":"AVG-514","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-514"},{"reference_url":"https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/","reference_id":"cve-2017-16544-busybox-autocompletion-vulnerability","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/"},{"reference_url":"https://security.gentoo.org/glsa/201803-12","reference_id":"GLSA-201803-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-12"},{"reference_url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01","reference_id":"icsa-20-240-01","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"https://us-cert.cisa.gov/ics/advisories/icsa-20-240-01"},{"reference_url":"https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8","reference_id":"?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"https://git.busybox.net/busybox/commit/?id=c3797d40a1c57352192c6106cc0f435e7d9c11e8"},{"reference_url":"https://usn.ubuntu.com/3935-1/","reference_id":"USN-3935-1","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:34:08Z/"}],"url":"https://usn.ubuntu.com/3935-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372870?format=json","purl":"pkg:alpm/archlinux/busybox@1.28.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.28.1-1"}],"aliases":["CVE-2017-16544"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dktd-xqjr-h7h1"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.28.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374836?format=json","purl":"pkg:alpm/archlinux/busybox@1.32.1-3","type":"alpm","namespace":"archlinux","name":"busybox","version":"1.32.1-3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.32.1-4","latest_non_vulnerable_version":"1.34.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39478?format=json","vulnerability_id":"VCID-vpmv-afzs-tffj","summary":"A vulnerability in BusyBox might allow remote attackers to cause a\n    Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28831","reference_id":"","reference_type":"","scores":[{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77155","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77217","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77161","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77205","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77241","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.7722","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1941028","reference_id":"1941028","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1941028"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/","reference_id":"3UDQGJRECXFS5EZVDH2OI45FMO436AC4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674","reference_id":"985674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674"},{"reference_url":"https://security.archlinux.org/ASA-202103-11","reference_id":"ASA-202103-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-11"},{"reference_url":"https://security.archlinux.org/ASA-202103-12","reference_id":"ASA-202103-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-12"},{"reference_url":"https://security.archlinux.org/AVG-1707","reference_id":"AVG-1707","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1707"},{"reference_url":"https://security.archlinux.org/AVG-1708","reference_id":"AVG-1708","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1708"},{"reference_url":"https://security.gentoo.org/glsa/202105-09","reference_id":"GLSA-202105-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://security.gentoo.org/glsa/202105-09"},{"reference_url":"https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd","reference_id":"?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"},{"reference_url":"https://usn.ubuntu.com/5179-2/","reference_id":"USN-5179-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-2/"},{"reference_url":"https://usn.ubuntu.com/6335-1/","reference_id":"USN-6335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6335-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/","reference_id":"Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/","reference_id":"ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374837?format=json","purl":"pkg:alpm/archlinux/busybox@1.32.1-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.32.1-4"}],"aliases":["CVE-2021-28831"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpmv-afzs-tffj"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.32.1-3"},{"url":"http://public2.vulnerablecode.io/api/packages/374837?format=json","purl":"pkg:alpm/archlinux/busybox@1.32.1-4","type":"alpm","namespace":"archlinux","name":"busybox","version":"1.32.1-4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.34.1-1","latest_non_vulnerable_version":"1.34.1-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39478?format=json","vulnerability_id":"VCID-vpmv-afzs-tffj","summary":"A vulnerability in BusyBox might allow remote attackers to cause a\n    Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-28831.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28831","reference_id":"","reference_type":"","scores":[{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77155","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77217","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77161","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77191","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77173","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77205","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77214","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.77241","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01019","scoring_system":"epss","scoring_elements":"0.7722","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-28831"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28831"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1941028","reference_id":"1941028","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1941028"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/","reference_id":"3UDQGJRECXFS5EZVDH2OI45FMO436AC4","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3UDQGJRECXFS5EZVDH2OI45FMO436AC4/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674","reference_id":"985674","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=985674"},{"reference_url":"https://security.archlinux.org/ASA-202103-11","reference_id":"ASA-202103-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-11"},{"reference_url":"https://security.archlinux.org/ASA-202103-12","reference_id":"ASA-202103-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202103-12"},{"reference_url":"https://security.archlinux.org/AVG-1707","reference_id":"AVG-1707","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1707"},{"reference_url":"https://security.archlinux.org/AVG-1708","reference_id":"AVG-1708","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1708"},{"reference_url":"https://security.gentoo.org/glsa/202105-09","reference_id":"GLSA-202105-09","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://security.gentoo.org/glsa/202105-09"},{"reference_url":"https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd","reference_id":"?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://git.busybox.net/busybox/commit/?id=f25d254dfd4243698c31a4f3153d4ac72aa9e9bd"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html","reference_id":"msg00001.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/04/msg00001.html"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"},{"reference_url":"https://usn.ubuntu.com/5179-2/","reference_id":"USN-5179-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-2/"},{"reference_url":"https://usn.ubuntu.com/6335-1/","reference_id":"USN-6335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6335-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/","reference_id":"Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7ZIFKPRR32ZYA3WAA2NXFA3QHHOU6FJ/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/","reference_id":"ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AC:L/AV:N/A:H/C:N/I:N/PR:N/S:U/UI:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-17T21:57:33Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZASBW7QRRLY5V2R44MQ4QQM4CZIDHM2U/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374837?format=json","purl":"pkg:alpm/archlinux/busybox@1.32.1-4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.32.1-4"}],"aliases":["CVE-2021-28831"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vpmv-afzs-tffj"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.32.1-4"},{"url":"http://public2.vulnerablecode.io/api/packages/373364?format=json","purl":"pkg:alpm/archlinux/busybox@1.33.1-1","type":"alpm","namespace":"archlinux","name":"busybox","version":"1.33.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.34.1-1","latest_non_vulnerable_version":"1.34.1-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40694?format=json","vulnerability_id":"VCID-4muk-rhx5-yqeu","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42386","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52565","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52665","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52681","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023938","reference_id":"2023938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023938"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42386"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4muk-rhx5-yqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40693?format=json","vulnerability_id":"VCID-4qpt-mxfy-6bh6","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42385","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52565","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52665","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52681","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023936","reference_id":"2023936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023936"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42385"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qpt-mxfy-6bh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40685?format=json","vulnerability_id":"VCID-8r73-bpac-dubc","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42377","reference_id":"","reference_type":"","scores":[{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86243","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.8624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86184","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86197","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86217","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023895","reference_id":"2023895","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023895"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42377"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8r73-bpac-dubc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40683?format=json","vulnerability_id":"VCID-92nk-cwc9-rkg4","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42375","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19135","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19076","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19115","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19168","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19128","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023888","reference_id":"2023888","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023888"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42375"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92nk-cwc9-rkg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40692?format=json","vulnerability_id":"VCID-9fex-zr2n-w3cb","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42384","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46507","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46555","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023933","reference_id":"2023933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023933"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42384"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fex-zr2n-w3cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40688?format=json","vulnerability_id":"VCID-dse8-esmh-3ygm","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42380","reference_id":"","reference_type":"","scores":[{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63716","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63676","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63745","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63759","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64309","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64251","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023912","reference_id":"2023912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023912"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42380"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dse8-esmh-3ygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40687?format=json","vulnerability_id":"VCID-gdfa-8gar-47gd","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42379","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46507","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46555","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42379"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023904","reference_id":"2023904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023904"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42379"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdfa-8gar-47gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40686?format=json","vulnerability_id":"VCID-jjxj-yf1x-4qg5","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42378","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46507","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46555","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023900","reference_id":"2023900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023900"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42378"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjxj-yf1x-4qg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=json","vulnerability_id":"VCID-mdmz-hjvu-hke3","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42382","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.54992","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55118","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55093","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55143","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55155","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55135","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023929","reference_id":"2023929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023929"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42382"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdmz-hjvu-hke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40689?format=json","vulnerability_id":"VCID-r12h-q1dj-a7b8","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42381","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.54992","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55118","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55093","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55143","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55155","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55135","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023927","reference_id":"2023927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023927"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42381"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r12h-q1dj-a7b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40681?format=json","vulnerability_id":"VCID-rp81-5jrg-jkht","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42373","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2428","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24249","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24407","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24439","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24222","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24288","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023876","reference_id":"2023876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023876"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42373"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp81-5jrg-jkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40691?format=json","vulnerability_id":"VCID-svyb-nqje-dbcs","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42383","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5225","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52188","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52215","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5218","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52233","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52229","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5228","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52264","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023931","reference_id":"2023931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023931"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42383"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svyb-nqje-dbcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40682?format=json","vulnerability_id":"VCID-tkat-gfks-kqg9","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42374","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20042","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20022","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20244","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19969","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20126","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.2008","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023881","reference_id":"2023881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023881"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42374"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkat-gfks-kqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40684?format=json","vulnerability_id":"VCID-vjyq-6k64-7fat","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42376","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13819","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13815","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13902","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13958","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13843","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023891","reference_id":"2023891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42376"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjyq-6k64-7fat"}],"fixing_vulnerabilities":[],"risk_score":"3.2","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.33.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","type":"alpm","namespace":"archlinux","name":"busybox","version":"1.34.1-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40694?format=json","vulnerability_id":"VCID-4muk-rhx5-yqeu","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42386.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42386","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52565","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52665","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52681","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42386"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023938","reference_id":"2023938","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023938"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:31:59Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42386"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4muk-rhx5-yqeu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40693?format=json","vulnerability_id":"VCID-4qpt-mxfy-6bh6","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42385.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42385","reference_id":"","reference_type":"","scores":[{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52565","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52665","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52634","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52652","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52647","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52697","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00293","scoring_system":"epss","scoring_elements":"0.52681","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42385"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023936","reference_id":"2023936","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023936"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:00Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42385"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4qpt-mxfy-6bh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40685?format=json","vulnerability_id":"VCID-8r73-bpac-dubc","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42377.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42377","reference_id":"","reference_type":"","scores":[{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86174","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86236","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86243","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.8624","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86184","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86197","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86198","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02855","scoring_system":"epss","scoring_elements":"0.86217","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42377"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023895","reference_id":"2023895","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023895"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42377"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8r73-bpac-dubc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40683?format=json","vulnerability_id":"VCID-92nk-cwc9-rkg4","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42375.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42375","reference_id":"","reference_type":"","scores":[{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19135","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19076","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19269","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.1932","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19115","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19168","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19175","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00061","scoring_system":"epss","scoring_elements":"0.19128","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42375"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42375"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023888","reference_id":"2023888","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023888"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:22:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42375"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-92nk-cwc9-rkg4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40692?format=json","vulnerability_id":"VCID-9fex-zr2n-w3cb","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42384","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46507","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46555","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023933","reference_id":"2023933","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023933"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:01Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42384"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9fex-zr2n-w3cb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40688?format=json","vulnerability_id":"VCID-dse8-esmh-3ygm","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42380.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42380","reference_id":"","reference_type":"","scores":[{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63716","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63676","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63728","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63745","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00452","scoring_system":"epss","scoring_elements":"0.63759","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64309","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00464","scoring_system":"epss","scoring_elements":"0.64251","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023912","reference_id":"2023912","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023912"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:07Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42380"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dse8-esmh-3ygm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40687?format=json","vulnerability_id":"VCID-gdfa-8gar-47gd","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42379.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42379","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46507","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46555","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42379"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023904","reference_id":"2023904","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023904"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:08Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42379"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gdfa-8gar-47gd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40686?format=json","vulnerability_id":"VCID-jjxj-yf1x-4qg5","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42378.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42378","reference_id":"","reference_type":"","scores":[{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.4647","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46535","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46507","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46527","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46476","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46531","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00236","scoring_system":"epss","scoring_elements":"0.46555","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42378"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023900","reference_id":"2023900","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023900"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:10Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42378"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjxj-yf1x-4qg5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40690?format=json","vulnerability_id":"VCID-mdmz-hjvu-hke3","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42382.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42382","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.54992","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55118","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55093","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55143","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55155","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55135","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42382"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023929","reference_id":"2023929","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023929"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42382"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mdmz-hjvu-hke3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40689?format=json","vulnerability_id":"VCID-r12h-q1dj-a7b8","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42381","reference_id":"","reference_type":"","scores":[{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.54992","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55117","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55094","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55118","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55093","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55143","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55155","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00321","scoring_system":"epss","scoring_elements":"0.55135","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023927","reference_id":"2023927","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023927"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:06Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42381"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r12h-q1dj-a7b8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40681?format=json","vulnerability_id":"VCID-rp81-5jrg-jkht","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42373.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42373","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2428","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24249","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24349","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24306","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24407","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24439","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24222","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24288","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42373"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42373"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023876","reference_id":"2023876","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023876"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42373"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rp81-5jrg-jkht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40691?format=json","vulnerability_id":"VCID-svyb-nqje-dbcs","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42383.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42383","reference_id":"","reference_type":"","scores":[{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5225","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52188","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52215","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5218","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52233","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52229","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.5228","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00288","scoring_system":"epss","scoring_elements":"0.52264","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42383"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.6","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023931","reference_id":"2023931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023931"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"7.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:32:03Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42383"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-svyb-nqje-dbcs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40682?format=json","vulnerability_id":"VCID-tkat-gfks-kqg9","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42374.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42374","reference_id":"","reference_type":"","scores":[{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20042","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20022","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20189","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20244","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.19969","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20049","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20107","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.20126","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00064","scoring_system":"epss","scoring_elements":"0.2008","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42374"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42374"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023881","reference_id":"2023881","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023881"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/","reference_id":"6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6T2TURBYYJGBMQTTN2DSOAIQGP7WCPGV/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"},{"reference_url":"https://security.netapp.com/advisory/ntap-20211223-0002/","reference_id":"ntap-20211223-0002","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://security.netapp.com/advisory/ntap-20211223-0002/"},{"reference_url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/","reference_id":"unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/"},{"reference_url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_id":"unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://claroty.com/team82/research/unboxing-busybox-14-vulnerabilities-uncovered-by-claroty-jfrog"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/","reference_id":"UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T13:31:05Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UQXGOGWBIYWOIVXJVRKHZR34UMEHQBXS/"},{"reference_url":"https://usn.ubuntu.com/5179-1/","reference_id":"USN-5179-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5179-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42374"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tkat-gfks-kqg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40684?format=json","vulnerability_id":"VCID-vjyq-6k64-7fat","summary":"Multiple vulnerabilities have been discovered in BusyBox, the worst of which could lead to arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-42376.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42376","reference_id":"","reference_type":"","scores":[{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13819","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13766","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13893","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13851","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13815","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13902","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13958","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.1376","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00045","scoring_system":"epss","scoring_elements":"0.13843","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-42376"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023891","reference_id":"2023891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2023891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567","reference_id":"999567","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=999567"},{"reference_url":"https://security.archlinux.org/AVG-2561","reference_id":"AVG-2561","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2561"},{"reference_url":"https://security.archlinux.org/AVG-2562","reference_id":"AVG-2562","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2562"},{"reference_url":"https://security.gentoo.org/glsa/202407-17","reference_id":"GLSA-202407-17","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202407-17"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373365?format=json","purl":"pkg:alpm/archlinux/busybox@1.34.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"}],"aliases":["CVE-2021-42376"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjyq-6k64-7fat"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.34.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371001?format=json","purl":"pkg:alpm/archlinux/busybox@1.36.1-2","type":"alpm","namespace":"archlinux","name":"busybox","version":"1.36.1-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/96706?format=json","vulnerability_id":"VCID-jjqh-pw7r-buau","summary":"In tar in BusyBox through 1.37.0, a TAR archive can have filenames hidden from a listing through the use of terminal escape sequences.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46394","reference_id":"","reference_type":"","scores":[{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24224","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24333","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24442","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.2429","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24409","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24251","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24308","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00083","scoring_system":"epss","scoring_elements":"0.24351","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-46394"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46394","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-46394"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104008","reference_id":"1104008","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1104008"},{"reference_url":"https://security.archlinux.org/AVG-2880","reference_id":"AVG-2880","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2880"},{"reference_url":"https://www.busybox.net/downloads/","reference_id":"downloads","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/"}],"url":"https://www.busybox.net/downloads/"},{"reference_url":"https://bugs.busybox.net/show_bug.cgi?id=16018","reference_id":"show_bug.cgi?id=16018","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/"}],"url":"https://bugs.busybox.net/show_bug.cgi?id=16018"},{"reference_url":"https://www.busybox.net","reference_id":"www.busybox.net","reference_type":"","scores":[{"value":"3.2","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-23T15:43:05Z/"}],"url":"https://www.busybox.net"}],"fixed_packages":[],"aliases":["CVE-2025-46394"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jjqh-pw7r-buau"}],"fixing_vulnerabilities":[],"risk_score":"1.6","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/busybox@1.36.1-2"},{"url":"http://public2.vulnerablecode.io/api/packages/375002?format=json","purl":"pkg:alpm/archlinux/bzip2@1.0.6-5","type":"alpm","namespace":"archlinux","name":"bzip2","version":"1.0.6-5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.0.6-6","latest_non_vulnerable_version":"1.0.6-6","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36092?format=json","vulnerability_id":"VCID-rgbz-6485-tfan","summary":"An use-after-free vulnerability has been found in bzip2 that could\n    allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"},{"reference_url":"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3189","reference_id":"","reference_type":"","scores":[{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95993","published_at":"2026-04-09T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95977","published_at":"2026-04-04T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95971","published_at":"2026-04-02T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95963","published_at":"2026-04-01T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95996","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://seclists.org/bugtraq/2019/Aug/4"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/22","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://seclists.org/bugtraq/2019/Jul/22"},{"reference_url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/06/20/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/06/20/1"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"reference_url":"http://www.securityfocus.com/bid/91297","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://www.securityfocus.com/bid/91297"},{"reference_url":"http://www.securitytracker.com/id/1036132","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://www.securitytracker.com/id/1036132"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319648","reference_id":"1319648","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319648"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744","reference_id":"827744","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744"},{"reference_url":"https://security.archlinux.org/ASA-201702-19","reference_id":"ASA-201702-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201702-19"},{"reference_url":"https://security.archlinux.org/AVG-4","reference_id":"AVG-4","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3189","reference_id":"CVE-2016-3189","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3189"},{"reference_url":"https://security.gentoo.org/glsa/201708-08","reference_id":"GLSA-201708-08","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://security.gentoo.org/glsa/201708-08"},{"reference_url":"https://usn.ubuntu.com/4038-1/","reference_id":"USN-4038-1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://usn.ubuntu.com/4038-1/"},{"reference_url":"https://usn.ubuntu.com/4038-2/","reference_id":"USN-4038-2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://usn.ubuntu.com/4038-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375003?format=json","purl":"pkg:alpm/archlinux/bzip2@1.0.6-6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bzip2@1.0.6-6"}],"aliases":["CVE-2016-3189"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgbz-6485-tfan"}],"fixing_vulnerabilities":[],"risk_score":"3.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bzip2@1.0.6-5"},{"url":"http://public2.vulnerablecode.io/api/packages/375003?format=json","purl":"pkg:alpm/archlinux/bzip2@1.0.6-6","type":"alpm","namespace":"archlinux","name":"bzip2","version":"1.0.6-6","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36092?format=json","vulnerability_id":"VCID-rgbz-6485-tfan","summary":"An use-after-free vulnerability has been found in bzip2 that could\n    allow remote attackers to cause a Denial of Service condition.","references":[{"reference_url":"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://packetstormsecurity.com/files/153644/Slackware-Security-Advisory-bzip2-Updates.html"},{"reference_url":"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://packetstormsecurity.com/files/153957/FreeBSD-Security-Advisory-FreeBSD-SA-19-18.bzip2.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3189.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3189","reference_id":"","reference_type":"","scores":[{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95993","published_at":"2026-04-09T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95991","published_at":"2026-04-08T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95977","published_at":"2026-04-04T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95971","published_at":"2026-04-02T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95982","published_at":"2026-04-07T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95963","published_at":"2026-04-01T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95999","published_at":"2026-04-13T12:55:00Z"},{"value":"0.23714","scoring_system":"epss","scoring_elements":"0.95996","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-3189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3189"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:N/C:N/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r19b4a70ac52093115fd71d773a7a4f579599e6275a13cfcf6252c3e3%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r1dc4c9b3bd559301bdb1557245f78b8910146efb1ee534b774c5f6af%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r481cda41fefb03e04c51484ed14421d812e5ce9e0972edff10f37260%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r4ad2ea01354e394b7fa8c78a184b7e1634d51be9bc0e9e4d7e6c9305%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r5f7ac2bd631ccb12ced65b71ff11f94e76d05b22000795e4a7b61203%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r5f80cf3ade5bb73410643e885fe6b7bf9f0222daf3533e42c7ae240c%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/r6e3962fc9f6a79851f70cffdec5759065969cec9c6708b964464b301%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9f60580ff260becb2b%40%3Cusers.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/redf17d8ad16140733b25ca402ae825d6dfa9b85f73d9fb3fd0c75d73%40%3Cdev.kafka.apache.org%3E"},{"reference_url":"https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.apache.org/thread.html/rffebcbeaace56ff1fed7916700d2f414ca1366386fb1293e99b3e31e%40%3Cjira.kafka.apache.org%3E"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2019/06/msg00021.html"},{"reference_url":"https://seclists.org/bugtraq/2019/Aug/4","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://seclists.org/bugtraq/2019/Aug/4"},{"reference_url":"https://seclists.org/bugtraq/2019/Jul/22","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://seclists.org/bugtraq/2019/Jul/22"},{"reference_url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://security.FreeBSD.org/advisories/FreeBSD-SA-19:18.bzip2.asc"},{"reference_url":"https://www.oracle.com/security-alerts/cpuoct2020.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://www.oracle.com/security-alerts/cpuoct2020.html"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/06/20/1","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://www.openwall.com/lists/oss-security/2016/06/20/1"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://www.oracle.com/technetwork/topics/security/bulletinjul2016-3090568.html"},{"reference_url":"http://www.securityfocus.com/bid/91297","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://www.securityfocus.com/bid/91297"},{"reference_url":"http://www.securitytracker.com/id/1036132","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"http://www.securitytracker.com/id/1036132"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319648","reference_id":"1319648","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1319648"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744","reference_id":"827744","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827744"},{"reference_url":"https://security.archlinux.org/ASA-201702-19","reference_id":"ASA-201702-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201702-19"},{"reference_url":"https://security.archlinux.org/AVG-4","reference_id":"AVG-4","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-4"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:bzip:bzip2:1.0.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3189","reference_id":"CVE-2016-3189","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3189"},{"reference_url":"https://security.gentoo.org/glsa/201708-08","reference_id":"GLSA-201708-08","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://security.gentoo.org/glsa/201708-08"},{"reference_url":"https://usn.ubuntu.com/4038-1/","reference_id":"USN-4038-1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://usn.ubuntu.com/4038-1/"},{"reference_url":"https://usn.ubuntu.com/4038-2/","reference_id":"USN-4038-2","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T15:58:23Z/"}],"url":"https://usn.ubuntu.com/4038-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/375003?format=json","purl":"pkg:alpm/archlinux/bzip2@1.0.6-6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bzip2@1.0.6-6"}],"aliases":["CVE-2016-3189"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rgbz-6485-tfan"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/bzip2@1.0.6-6"},{"url":"http://public2.vulnerablecode.io/api/packages/374520?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.13-1","type":"alpm","namespace":"archlinux","name":"cacti","version":"1.1.13-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.1.14-1","latest_non_vulnerable_version":"1.2.16-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93071?format=json","vulnerability_id":"VCID-afss-mcgj-7bce","summary":"Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11691","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66228","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66239","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66252","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66272","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66259","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848","reference_id":"869848","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848"},{"reference_url":"https://security.archlinux.org/ASA-201707-30","reference_id":"ASA-201707-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-30"},{"reference_url":"https://security.archlinux.org/AVG-365","reference_id":"AVG-365","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-365"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374521?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.14-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.14-1"}],"aliases":["CVE-2017-11691"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afss-mcgj-7bce"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.13-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374521?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.14-1","type":"alpm","namespace":"archlinux","name":"cacti","version":"1.1.14-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.1.28-1","latest_non_vulnerable_version":"1.2.16-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93071?format=json","vulnerability_id":"VCID-afss-mcgj-7bce","summary":"Cross-site scripting (XSS) vulnerability in auth_profile.php in Cacti 1.1.13 allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11691","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66228","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66154","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66195","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66222","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66191","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66239","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66252","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66272","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66259","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-11691"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11691"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848","reference_id":"869848","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=869848"},{"reference_url":"https://security.archlinux.org/ASA-201707-30","reference_id":"ASA-201707-30","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-30"},{"reference_url":"https://security.archlinux.org/AVG-365","reference_id":"AVG-365","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-365"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374521?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.14-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.14-1"}],"aliases":["CVE-2017-11691"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afss-mcgj-7bce"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.14-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372847?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.17-1","type":"alpm","namespace":"archlinux","name":"cacti","version":"1.1.17-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.1.28-1","latest_non_vulnerable_version":"1.2.16-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93157?format=json","vulnerability_id":"VCID-q88b-smmh-77ga","summary":"Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16660","reference_id":"","reference_type":"","scores":[{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80764","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80793","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.8079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80826","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02642","scoring_system":"epss","scoring_elements":"0.85723","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02642","scoring_system":"epss","scoring_elements":"0.8572","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02642","scoring_system":"epss","scoring_elements":"0.85716","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660"},{"reference_url":"https://github.com/Cacti/cacti/issues/1066","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cacti/cacti/issues/1066"},{"reference_url":"https://security.archlinux.org/ASA-201712-2","reference_id":"ASA-201712-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-2"},{"reference_url":"https://security.archlinux.org/AVG-537","reference_id":"AVG-537","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16660","reference_id":"CVE-2017-16660","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"},{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16660"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"}],"aliases":["CVE-2017-16660"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q88b-smmh-77ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93156?format=json","vulnerability_id":"VCID-qbvv-frc2-rqbk","summary":"lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16641","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64294","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64351","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.6438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64387","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64402","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79404","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641"},{"reference_url":"https://github.com/Cacti/cacti/issues/1057","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cacti/cacti/issues/1057"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110","reference_id":"881110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110"},{"reference_url":"https://security.archlinux.org/ASA-201712-2","reference_id":"ASA-201712-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-2"},{"reference_url":"https://security.archlinux.org/AVG-537","reference_id":"AVG-537","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16641","reference_id":"CVE-2017-16641","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"},{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16641"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"}],"aliases":["CVE-2017-16641"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbvv-frc2-rqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93158?format=json","vulnerability_id":"VCID-x1fg-6mq4-d7ds","summary":"Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16661","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29806","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29761","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39665","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39812","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39814","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39837","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661"},{"reference_url":"https://github.com/Cacti/cacti/issues/1066","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cacti/cacti/issues/1066"},{"reference_url":"https://security.archlinux.org/ASA-201712-2","reference_id":"ASA-201712-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-2"},{"reference_url":"https://security.archlinux.org/AVG-537","reference_id":"AVG-537","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16661","reference_id":"CVE-2017-16661","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"}],"aliases":["CVE-2017-16661"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1fg-6mq4-d7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93159?format=json","vulnerability_id":"VCID-yjny-ubdp-7few","summary":"Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16785","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39988","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40008","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41485","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4158","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41603","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785"},{"reference_url":"https://github.com/Cacti/cacti/issues/1071","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cacti/cacti/issues/1071"},{"reference_url":"http://www.securitytracker.com/id/1039774","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039774"},{"reference_url":"https://security.archlinux.org/ASA-201712-2","reference_id":"ASA-201712-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-2"},{"reference_url":"https://security.archlinux.org/AVG-537","reference_id":"AVG-537","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16785","reference_id":"CVE-2017-16785","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"}],"aliases":["CVE-2017-16785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjny-ubdp-7few"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.17-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","type":"alpm","namespace":"archlinux","name":"cacti","version":"1.1.28-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.2.16-2","latest_non_vulnerable_version":"1.2.16-2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93157?format=json","vulnerability_id":"VCID-q88b-smmh-77ga","summary":"Cacti 1.1.27 allows remote authenticated administrators to conduct Remote Code Execution attacks by placing the Log Path under the web root, and then making a remote_agent.php request containing PHP code in a Client-ip header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16660","reference_id":"","reference_type":"","scores":[{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80764","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80772","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80793","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.8079","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80817","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01457","scoring_system":"epss","scoring_elements":"0.80826","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02642","scoring_system":"epss","scoring_elements":"0.85723","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02642","scoring_system":"epss","scoring_elements":"0.8572","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02642","scoring_system":"epss","scoring_elements":"0.85716","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16660"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16660"},{"reference_url":"https://github.com/Cacti/cacti/issues/1066","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cacti/cacti/issues/1066"},{"reference_url":"https://security.archlinux.org/ASA-201712-2","reference_id":"ASA-201712-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-2"},{"reference_url":"https://security.archlinux.org/AVG-537","reference_id":"AVG-537","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16660","reference_id":"CVE-2017-16660","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"},{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16660"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"}],"aliases":["CVE-2017-16660"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-q88b-smmh-77ga"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93156?format=json","vulnerability_id":"VCID-qbvv-frc2-rqbk","summary":"lib/rrd.php in Cacti 1.1.27 allows remote authenticated administrators to execute arbitrary OS commands via the path_rrdtool parameter in an action=save request to settings.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16641","reference_id":"","reference_type":"","scores":[{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64294","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64351","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.6438","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64387","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00465","scoring_system":"epss","scoring_elements":"0.64402","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79432","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79415","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0126","scoring_system":"epss","scoring_elements":"0.79404","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16641"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16641"},{"reference_url":"https://github.com/Cacti/cacti/issues/1057","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cacti/cacti/issues/1057"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110","reference_id":"881110","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881110"},{"reference_url":"https://security.archlinux.org/ASA-201712-2","reference_id":"ASA-201712-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-2"},{"reference_url":"https://security.archlinux.org/AVG-537","reference_id":"AVG-537","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16641","reference_id":"CVE-2017-16641","reference_type":"","scores":[{"value":"9.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:C/I:C/A:C"},{"value":"7.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16641"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"}],"aliases":["CVE-2017-16641"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qbvv-frc2-rqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93158?format=json","vulnerability_id":"VCID-x1fg-6mq4-d7ds","summary":"Cacti 1.1.27 allows remote authenticated administrators to read arbitrary files by placing the Log Path into a private directory, and then making a clog.php?filename= request, as demonstrated by filename=passwd (with a Log Path under /etc) to read /etc/passwd.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16661","reference_id":"","reference_type":"","scores":[{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29806","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29711","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00112","scoring_system":"epss","scoring_elements":"0.29761","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39665","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39812","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39827","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39757","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39814","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00181","scoring_system":"epss","scoring_elements":"0.39837","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16661"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16661"},{"reference_url":"https://github.com/Cacti/cacti/issues/1066","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cacti/cacti/issues/1066"},{"reference_url":"https://security.archlinux.org/ASA-201712-2","reference_id":"ASA-201712-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-2"},{"reference_url":"https://security.archlinux.org/AVG-537","reference_id":"AVG-537","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16661","reference_id":"CVE-2017-16661","reference_type":"","scores":[{"value":"4.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:S/C:P/I:N/A:N"},{"value":"4.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16661"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"}],"aliases":["CVE-2017-16661"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1fg-6mq4-d7ds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93159?format=json","vulnerability_id":"VCID-yjny-ubdp-7few","summary":"Cacti 1.1.27 has reflected XSS via the PATH_INFO to host.php.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16785","reference_id":"","reference_type":"","scores":[{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.39988","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00182","scoring_system":"epss","scoring_elements":"0.40008","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41485","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4158","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41589","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.4153","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41574","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00196","scoring_system":"epss","scoring_elements":"0.41603","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-16785"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16785"},{"reference_url":"https://github.com/Cacti/cacti/issues/1071","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/Cacti/cacti/issues/1071"},{"reference_url":"http://www.securitytracker.com/id/1039774","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039774"},{"reference_url":"https://security.archlinux.org/ASA-201712-2","reference_id":"ASA-201712-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201712-2"},{"reference_url":"https://security.archlinux.org/AVG-537","reference_id":"AVG-537","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-537"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:cacti:cacti:1.1.27:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16785","reference_id":"CVE-2017-16785","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-16785"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372848?format=json","purl":"pkg:alpm/archlinux/cacti@1.1.28-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"}],"aliases":["CVE-2017-16785"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjny-ubdp-7few"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.1.28-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372196?format=json","purl":"pkg:alpm/archlinux/cacti@1.2.16-1","type":"alpm","namespace":"archlinux","name":"cacti","version":"1.2.16-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.2.16-2","latest_non_vulnerable_version":"1.2.16-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32093?format=json","vulnerability_id":"VCID-qvkt-vk55-4bbx","summary":"A vulnerability in Cacti could lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35701","reference_id":"","reference_type":"","scores":[{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82949","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82885","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82914","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.8291","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82936","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82943","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82958","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82953","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998","reference_id":"979998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998"},{"reference_url":"https://security.archlinux.org/AVG-1433","reference_id":"AVG-1433","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1433"},{"reference_url":"https://security.gentoo.org/glsa/202101-31","reference_id":"GLSA-202101-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-31"},{"reference_url":"https://usn.ubuntu.com/USN-5214-1/","reference_id":"USN-USN-5214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372197?format=json","purl":"pkg:alpm/archlinux/cacti@1.2.16-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.2.16-2"}],"aliases":["CVE-2020-35701"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvkt-vk55-4bbx"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.2.16-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372197?format=json","purl":"pkg:alpm/archlinux/cacti@1.2.16-2","type":"alpm","namespace":"archlinux","name":"cacti","version":"1.2.16-2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32093?format=json","vulnerability_id":"VCID-qvkt-vk55-4bbx","summary":"A vulnerability in Cacti could lead to remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35701","reference_id":"","reference_type":"","scores":[{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82949","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82885","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82901","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82914","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.8291","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82936","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82943","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82958","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01839","scoring_system":"epss","scoring_elements":"0.82953","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35701"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35701"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998","reference_id":"979998","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=979998"},{"reference_url":"https://security.archlinux.org/AVG-1433","reference_id":"AVG-1433","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1433"},{"reference_url":"https://security.gentoo.org/glsa/202101-31","reference_id":"GLSA-202101-31","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202101-31"},{"reference_url":"https://usn.ubuntu.com/USN-5214-1/","reference_id":"USN-USN-5214-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-5214-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372197?format=json","purl":"pkg:alpm/archlinux/cacti@1.2.16-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.2.16-2"}],"aliases":["CVE-2020-35701"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qvkt-vk55-4bbx"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cacti@1.2.16-2"},{"url":"http://public2.vulnerablecode.io/api/packages/374973?format=json","purl":"pkg:alpm/archlinux/cairo@1.14.10-1","type":"alpm","namespace":"archlinux","name":"cairo","version":"1.14.10-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.15.8-1","latest_non_vulnerable_version":"1.17.4-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7954?format=json","vulnerability_id":"VCID-m37e-xj39-eqfu","summary":"NULL Pointer Dereference\nCairo is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7475.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7475","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51551","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.5145","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51501","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51528","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51489","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51542","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51539","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51584","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51563","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7475"},{"reference_url":"https://bugs.freedesktop.org/show_bug.cgi?id=100763","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.freedesktop.org/show_bug.cgi?id=100763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475"},{"reference_url":"http://seclists.org/oss-sec/2017/q2/151","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2017/q2/151"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rcairo/rcairo","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rcairo/rcairo"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cairo/CVE-2017-7475.yml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cairo/CVE-2017-7475.yml"},{"reference_url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1447949","reference_id":"1447949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1447949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264","reference_id":"870264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264"},{"reference_url":"https://security.archlinux.org/AVG-277","reference_id":"AVG-277","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-277"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7475","reference_id":"CVE-2017-7475","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7475"},{"reference_url":"https://github.com/advisories/GHSA-5v3f-73gv-x7x5","reference_id":"GHSA-5v3f-73gv-x7x5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5v3f-73gv-x7x5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374974?format=json","purl":"pkg:alpm/archlinux/cairo@1.15.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.15.8-1"}],"aliases":["CVE-2017-7475","GHSA-5v3f-73gv-x7x5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m37e-xj39-eqfu"}],"fixing_vulnerabilities":[],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.14.10-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374974?format=json","purl":"pkg:alpm/archlinux/cairo@1.15.8-1","type":"alpm","namespace":"archlinux","name":"cairo","version":"1.15.8-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.16.0-2","latest_non_vulnerable_version":"1.17.4-5","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/7954?format=json","vulnerability_id":"VCID-m37e-xj39-eqfu","summary":"NULL Pointer Dereference\nCairo is vulnerable to a NULL pointer dereference related to the FT_Load_Glyph and FT_Render_Glyph resulting in an application crash.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7475.json","reference_id":"","reference_type":"","scores":[{"value":"3.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7475.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7475","reference_id":"","reference_type":"","scores":[{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51551","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.5145","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51501","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51528","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51489","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51542","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51539","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51584","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00282","scoring_system":"epss","scoring_elements":"0.51563","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7475"},{"reference_url":"https://bugs.freedesktop.org/show_bug.cgi?id=100763","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3","scoring_elements":""},{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugs.freedesktop.org/show_bug.cgi?id=100763"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-7475"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7475"},{"reference_url":"http://seclists.org/oss-sec/2017/q2/151","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/oss-sec/2017/q2/151"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/rcairo/rcairo","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rcairo/rcairo"},{"reference_url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cairo/CVE-2017-7475.yml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/rubysec/ruby-advisory-db/blob/master/gems/cairo/CVE-2017-7475.yml"},{"reference_url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf9fa47ab66495c78bb4120b0754dd9531ca2ff0430f6685ac9b07772@%3Cdev.mina.apache.org%3E"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1447949","reference_id":"1447949","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1447949"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264","reference_id":"870264","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870264"},{"reference_url":"https://security.archlinux.org/AVG-277","reference_id":"AVG-277","reference_type":"","scores":[{"value":"Low","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-277"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7475","reference_id":"CVE-2017-7475","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7475"},{"reference_url":"https://github.com/advisories/GHSA-5v3f-73gv-x7x5","reference_id":"GHSA-5v3f-73gv-x7x5","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-5v3f-73gv-x7x5"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374974?format=json","purl":"pkg:alpm/archlinux/cairo@1.15.8-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.15.8-1"}],"aliases":["CVE-2017-7475","GHSA-5v3f-73gv-x7x5"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m37e-xj39-eqfu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.15.8-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371401?format=json","purl":"pkg:alpm/archlinux/cairo@1.16.0-1","type":"alpm","namespace":"archlinux","name":"cairo","version":"1.16.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.16.0-2","latest_non_vulnerable_version":"1.17.4-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83009?format=json","vulnerability_id":"VCID-8bnq-c161-2yaq","summary":"cairo: Invalid free in cairo_ft_apply_variations() resulting in a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19876.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19876.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19876","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53506","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53585","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5362","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53602","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53529","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53555","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53524","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53574","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5357","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661454","reference_id":"1661454","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661454"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915801","reference_id":"915801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915801"},{"reference_url":"https://security.archlinux.org/ASA-201902-19","reference_id":"ASA-201902-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-19"},{"reference_url":"https://security.archlinux.org/AVG-826","reference_id":"AVG-826","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-826"},{"reference_url":"https://security.archlinux.org/AVG-827","reference_id":"AVG-827","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-827"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371402?format=json","purl":"pkg:alpm/archlinux/cairo@1.16.0-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.16.0-2"}],"aliases":["CVE-2018-19876"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bnq-c161-2yaq"}],"fixing_vulnerabilities":[],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.16.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/371402?format=json","purl":"pkg:alpm/archlinux/cairo@1.16.0-2","type":"alpm","namespace":"archlinux","name":"cairo","version":"1.16.0-2","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.17.4-5","latest_non_vulnerable_version":"1.17.4-5","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83009?format=json","vulnerability_id":"VCID-8bnq-c161-2yaq","summary":"cairo: Invalid free in cairo_ft_apply_variations() resulting in a denial of service","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19876.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-19876.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19876","reference_id":"","reference_type":"","scores":[{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53506","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53585","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5362","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53602","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53529","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53555","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53524","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.53574","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00303","scoring_system":"epss","scoring_elements":"0.5357","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-19876"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-19876"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661454","reference_id":"1661454","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1661454"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915801","reference_id":"915801","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=915801"},{"reference_url":"https://security.archlinux.org/ASA-201902-19","reference_id":"ASA-201902-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201902-19"},{"reference_url":"https://security.archlinux.org/AVG-826","reference_id":"AVG-826","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-826"},{"reference_url":"https://security.archlinux.org/AVG-827","reference_id":"AVG-827","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-827"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/371402?format=json","purl":"pkg:alpm/archlinux/cairo@1.16.0-2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.16.0-2"}],"aliases":["CVE-2018-19876"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8bnq-c161-2yaq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.16.0-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373956?format=json","purl":"pkg:alpm/archlinux/cairo@1.17.4-4","type":"alpm","namespace":"archlinux","name":"cairo","version":"1.17.4-4","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.17.4-5","latest_non_vulnerable_version":"1.17.4-5","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37091?format=json","vulnerability_id":"VCID-rzf2-bp8j-27fq","summary":"A buffer overflow vulnerability has been discovered in Cairo which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35492.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35492.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35492","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26976","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26957","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26961","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26917","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27016","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27053","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26843","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26911","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898396","reference_id":"1898396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658","reference_id":"978658","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658"},{"reference_url":"https://security.archlinux.org/AVG-1391","reference_id":"AVG-1391","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1391"},{"reference_url":"https://security.archlinux.org/AVG-1392","reference_id":"AVG-1392","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1392"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35492","reference_id":"CVE-2020-35492","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35492"},{"reference_url":"https://security.gentoo.org/glsa/202305-21","reference_id":"GLSA-202305-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1961","reference_id":"RHSA-2022:1961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1961"},{"reference_url":"https://usn.ubuntu.com/5407-1/","reference_id":"USN-5407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5407-1/"},{"reference_url":"https://usn.ubuntu.com/8140-1/","reference_id":"USN-8140-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8140-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373957?format=json","purl":"pkg:alpm/archlinux/cairo@1.17.4-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.17.4-5"}],"aliases":["CVE-2020-35492"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzf2-bp8j-27fq"}],"fixing_vulnerabilities":[],"risk_score":"3.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.17.4-4"},{"url":"http://public2.vulnerablecode.io/api/packages/373957?format=json","purl":"pkg:alpm/archlinux/cairo@1.17.4-5","type":"alpm","namespace":"archlinux","name":"cairo","version":"1.17.4-5","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37091?format=json","vulnerability_id":"VCID-rzf2-bp8j-27fq","summary":"A buffer overflow vulnerability has been discovered in Cairo which could result in denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35492.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-35492.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35492","reference_id":"","reference_type":"","scores":[{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26976","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.2686","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26957","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26961","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26917","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27016","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.27053","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26843","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00098","scoring_system":"epss","scoring_elements":"0.26911","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-35492"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-35492"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898396","reference_id":"1898396","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898396"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658","reference_id":"978658","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=978658"},{"reference_url":"https://security.archlinux.org/AVG-1391","reference_id":"AVG-1391","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1391"},{"reference_url":"https://security.archlinux.org/AVG-1392","reference_id":"AVG-1392","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1392"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35492","reference_id":"CVE-2020-35492","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-35492"},{"reference_url":"https://security.gentoo.org/glsa/202305-21","reference_id":"GLSA-202305-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:1961","reference_id":"RHSA-2022:1961","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:1961"},{"reference_url":"https://usn.ubuntu.com/5407-1/","reference_id":"USN-5407-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5407-1/"},{"reference_url":"https://usn.ubuntu.com/8140-1/","reference_id":"USN-8140-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8140-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373957?format=json","purl":"pkg:alpm/archlinux/cairo@1.17.4-5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.17.4-5"}],"aliases":["CVE-2020-35492"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzf2-bp8j-27fq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/cairo@1.17.4-5"},{"url":"http://public2.vulnerablecode.io/api/packages/372759?format=json","purl":"pkg:alpm/archlinux/calibre@3.18.0-1","type":"alpm","namespace":"archlinux","name":"calibre","version":"3.18.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.19.0-1","latest_non_vulnerable_version":"3.19.0-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93806?format=json","vulnerability_id":"VCID-xhf1-k7jg-6ued","summary":"gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7889","reference_id":"","reference_type":"","scores":[{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93385","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93354","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93362","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.9337","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93386","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242","reference_id":"892242","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242"},{"reference_url":"https://security.archlinux.org/ASA-201803-8","reference_id":"ASA-201803-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-8"},{"reference_url":"https://security.archlinux.org/AVG-650","reference_id":"AVG-650","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-650"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372760?format=json","purl":"pkg:alpm/archlinux/calibre@3.19.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/calibre@3.19.0-1"}],"aliases":["CVE-2018-7889"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhf1-k7jg-6ued"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/calibre@3.18.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/372760?format=json","purl":"pkg:alpm/archlinux/calibre@3.19.0-1","type":"alpm","namespace":"archlinux","name":"calibre","version":"3.19.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/93806?format=json","vulnerability_id":"VCID-xhf1-k7jg-6ued","summary":"gui2/viewer/bookmarkmanager.py in Calibre 3.18 calls cPickle.load on imported bookmark data, which allows remote attackers to execute arbitrary code via a crafted .pickle file, as demonstrated by Python code that contains an os.system call.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7889","reference_id":"","reference_type":"","scores":[{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93385","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93354","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93362","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.9337","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93386","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-7889"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7889"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242","reference_id":"892242","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892242"},{"reference_url":"https://security.archlinux.org/ASA-201803-8","reference_id":"ASA-201803-8","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201803-8"},{"reference_url":"https://security.archlinux.org/AVG-650","reference_id":"AVG-650","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-650"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/372760?format=json","purl":"pkg:alpm/archlinux/calibre@3.19.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/calibre@3.19.0-1"}],"aliases":["CVE-2018-7889"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xhf1-k7jg-6ued"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/calibre@3.19.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373162?format=json","purl":"pkg:alpm/archlinux/c-ares@1.11.0-1","type":"alpm","namespace":"archlinux","name":"c-ares","version":"1.11.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.13.0-1","latest_non_vulnerable_version":"1.17.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47188?format=json","vulnerability_id":"VCID-33wk-w9ez-vyd2","summary":"A heap-based buffer overflow in c-ares might allow remote attackers\n    to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5180","reference_id":"","reference_type":"","scores":[{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95153","published_at":"2026-04-01T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.9519","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95164","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95169","published_at":"2026-04-07T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95176","published_at":"2026-04-08T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.9518","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5180"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380463","reference_id":"1380463","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151","reference_id":"839151","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151"},{"reference_url":"https://security.archlinux.org/ASA-201609-31","reference_id":"ASA-201609-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-31"},{"reference_url":"https://security.archlinux.org/AVG-37","reference_id":"AVG-37","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-37"},{"reference_url":"https://security.gentoo.org/glsa/201701-28","reference_id":"GLSA-201701-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0002","reference_id":"RHSA-2017:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0002"},{"reference_url":"https://usn.ubuntu.com/3143-1/","reference_id":"USN-3143-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3143-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373163?format=json","purl":"pkg:alpm/archlinux/c-ares@1.12.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w3cx-2jcp-pyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.12.0-1"}],"aliases":["CVE-2016-5180"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33wk-w9ez-vyd2"}],"fixing_vulnerabilities":[],"risk_score":"4.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.11.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373163?format=json","purl":"pkg:alpm/archlinux/c-ares@1.12.0-1","type":"alpm","namespace":"archlinux","name":"c-ares","version":"1.12.0-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.13.0-1","latest_non_vulnerable_version":"1.17.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84234?format=json","vulnerability_id":"VCID-w3cx-2jcp-pyga","summary":"c-ares: NAPTR parser out of bounds access","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000381","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66165","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66263","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66284","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66271","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66203","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6625","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463132","reference_id":"1463132","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463132"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360","reference_id":"865360","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360"},{"reference_url":"https://security.archlinux.org/ASA-201707-21","reference_id":"ASA-201707-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-21"},{"reference_url":"https://security.archlinux.org/AVG-315","reference_id":"AVG-315","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2908","reference_id":"RHSA-2017:2908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2908"},{"reference_url":"https://usn.ubuntu.com/3395-1/","reference_id":"USN-3395-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3395-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374538?format=json","purl":"pkg:alpm/archlinux/c-ares@1.13.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.13.0-1"}],"aliases":["CVE-2017-1000381"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cx-2jcp-pyga"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47188?format=json","vulnerability_id":"VCID-33wk-w9ez-vyd2","summary":"A heap-based buffer overflow in c-ares might allow remote attackers\n    to cause a Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5180.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5180","reference_id":"","reference_type":"","scores":[{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95153","published_at":"2026-04-01T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.9519","published_at":"2026-04-13T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95186","published_at":"2026-04-11T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95164","published_at":"2026-04-02T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95169","published_at":"2026-04-07T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.95176","published_at":"2026-04-08T12:55:00Z"},{"value":"0.18165","scoring_system":"epss","scoring_elements":"0.9518","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5180"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5180"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380463","reference_id":"1380463","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1380463"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151","reference_id":"839151","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=839151"},{"reference_url":"https://security.archlinux.org/ASA-201609-31","reference_id":"ASA-201609-31","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201609-31"},{"reference_url":"https://security.archlinux.org/AVG-37","reference_id":"AVG-37","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-37"},{"reference_url":"https://security.gentoo.org/glsa/201701-28","reference_id":"GLSA-201701-28","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:0002","reference_id":"RHSA-2017:0002","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:0002"},{"reference_url":"https://usn.ubuntu.com/3143-1/","reference_id":"USN-3143-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3143-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373163?format=json","purl":"pkg:alpm/archlinux/c-ares@1.12.0-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-w3cx-2jcp-pyga"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.12.0-1"}],"aliases":["CVE-2016-5180"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-33wk-w9ez-vyd2"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.12.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374538?format=json","purl":"pkg:alpm/archlinux/c-ares@1.13.0-1","type":"alpm","namespace":"archlinux","name":"c-ares","version":"1.13.0-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"1.17.2-1","latest_non_vulnerable_version":"1.17.2-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84234?format=json","vulnerability_id":"VCID-w3cx-2jcp-pyga","summary":"c-ares: NAPTR parser out of bounds access","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000381.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000381","reference_id":"","reference_type":"","scores":[{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66165","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66239","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66263","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66284","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66271","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.66203","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00506","scoring_system":"epss","scoring_elements":"0.6625","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-1000381"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000381"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463132","reference_id":"1463132","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1463132"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360","reference_id":"865360","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=865360"},{"reference_url":"https://security.archlinux.org/ASA-201707-21","reference_id":"ASA-201707-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-21"},{"reference_url":"https://security.archlinux.org/AVG-315","reference_id":"AVG-315","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-315"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2908","reference_id":"RHSA-2017:2908","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2908"},{"reference_url":"https://usn.ubuntu.com/3395-1/","reference_id":"USN-3395-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3395-1/"},{"reference_url":"https://usn.ubuntu.com/USN-4796-1/","reference_id":"USN-USN-4796-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4796-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/374538?format=json","purl":"pkg:alpm/archlinux/c-ares@1.13.0-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.13.0-1"}],"aliases":["CVE-2017-1000381"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w3cx-2jcp-pyga"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.13.0-1"},{"url":"http://public2.vulnerablecode.io/api/packages/374205?format=json","purl":"pkg:alpm/archlinux/c-ares@1.16.1-2","type":"alpm","namespace":"archlinux","name":"c-ares","version":"1.16.1-2","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.17.2-1","latest_non_vulnerable_version":"1.17.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=json","vulnerability_id":"VCID-m4sn-7wuq-e3cd","summary":"A Denial of Service vulnerability was discovered in c-ares.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8277","reference_id":"","reference_type":"","scores":[{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98219","published_at":"2026-04-01T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98226","published_at":"2026-04-07T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.9823","published_at":"2026-04-09T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98222","published_at":"2026-04-02T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98225","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898554","reference_id":"1898554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898554"},{"reference_url":"https://security.archlinux.org/ASA-202011-18","reference_id":"ASA-202011-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-18"},{"reference_url":"https://security.archlinux.org/AVG-1280","reference_id":"AVG-1280","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8277","reference_id":"CVE-2020-8277","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8277"},{"reference_url":"https://security.gentoo.org/glsa/202012-11","reference_id":"GLSA-202012-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/4638-1/","reference_id":"USN-4638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373568?format=json","purl":"pkg:alpm/archlinux/c-ares@1.17.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xdz-dku3-qqc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.1-1"}],"aliases":["CVE-2020-8277"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd"}],"fixing_vulnerabilities":[],"risk_score":"3.4","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.16.1-2"},{"url":"http://public2.vulnerablecode.io/api/packages/373568?format=json","purl":"pkg:alpm/archlinux/c-ares@1.17.1-1","type":"alpm","namespace":"archlinux","name":"c-ares","version":"1.17.1-1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.17.2-1","latest_non_vulnerable_version":"1.17.2-1","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11629?format=json","vulnerability_id":"VCID-1xdz-dku3-qqc4","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3672","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17358","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17138","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17229","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17287","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17265","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17216","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3672"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988342","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988342"},{"reference_url":"https://c-ares.haxx.se/adv_20210810.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/"}],"url":"https://c-ares.haxx.se/adv_20210810.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053","reference_id":"992053","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053"},{"reference_url":"https://security.archlinux.org/ASA-202108-13","reference_id":"ASA-202108-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-13"},{"reference_url":"https://security.archlinux.org/AVG-2268","reference_id":"AVG-2268","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3672","reference_id":"CVE-2021-3672","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3672"},{"reference_url":"https://security.gentoo.org/glsa/202401-02","reference_id":"GLSA-202401-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/"}],"url":"https://security.gentoo.org/glsa/202401-02"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3280","reference_id":"RHSA-2021:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3281","reference_id":"RHSA-2021:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3623","reference_id":"RHSA-2021:3623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3638","reference_id":"RHSA-2021:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3639","reference_id":"RHSA-2021:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3666","reference_id":"RHSA-2021:3666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2043","reference_id":"RHSA-2022:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2043"},{"reference_url":"https://usn.ubuntu.com/5034-1/","reference_id":"USN-5034-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5034-1/"},{"reference_url":"https://usn.ubuntu.com/5034-2/","reference_id":"USN-5034-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5034-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373569?format=json","purl":"pkg:alpm/archlinux/c-ares@1.17.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.2-1"}],"aliases":["CVE-2021-3672"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/35492?format=json","vulnerability_id":"VCID-m4sn-7wuq-e3cd","summary":"A Denial of Service vulnerability was discovered in c-ares.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8277.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8277","reference_id":"","reference_type":"","scores":[{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98219","published_at":"2026-04-01T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98226","published_at":"2026-04-07T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.9823","published_at":"2026-04-09T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98222","published_at":"2026-04-02T12:55:00Z"},{"value":"0.59168","scoring_system":"epss","scoring_elements":"0.98225","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-8277"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8277"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A7WH7W46OZSEUHWBHD7TCH3LRFY52V6Z/"},{"reference_url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/","reference_id":"","reference_type":"","scores":[],"url":"https://nodejs.org/en/blog/vulnerability/november-2020-security-releases/"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898554","reference_id":"1898554","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1898554"},{"reference_url":"https://security.archlinux.org/ASA-202011-18","reference_id":"ASA-202011-18","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202011-18"},{"reference_url":"https://security.archlinux.org/AVG-1280","reference_id":"AVG-1280","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1280"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8277","reference_id":"CVE-2020-8277","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-8277"},{"reference_url":"https://security.gentoo.org/glsa/202012-11","reference_id":"GLSA-202012-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-11"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5305","reference_id":"RHSA-2020:5305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5499","reference_id":"RHSA-2020:5499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0421","reference_id":"RHSA-2021:0421","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0421"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0551","reference_id":"RHSA-2021:0551","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0551"},{"reference_url":"https://usn.ubuntu.com/4638-1/","reference_id":"USN-4638-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4638-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373568?format=json","purl":"pkg:alpm/archlinux/c-ares@1.17.1-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1xdz-dku3-qqc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.1-1"}],"aliases":["CVE-2020-8277"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4sn-7wuq-e3cd"}],"risk_score":"3.1","resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/373569?format=json","purl":"pkg:alpm/archlinux/c-ares@1.17.2-1","type":"alpm","namespace":"archlinux","name":"c-ares","version":"1.17.2-1","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/11629?format=json","vulnerability_id":"VCID-1xdz-dku3-qqc4","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json","reference_id":"","reference_type":"","scores":[{"value":"5.6","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3672.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3672","reference_id":"","reference_type":"","scores":[{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17144","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.1731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17358","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17138","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17229","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17287","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17265","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00055","scoring_system":"epss","scoring_elements":"0.17216","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3672"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988342","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1988342"},{"reference_url":"https://c-ares.haxx.se/adv_20210810.html","reference_id":"","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/"}],"url":"https://c-ares.haxx.se/adv_20210810.html"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053","reference_id":"992053","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=992053"},{"reference_url":"https://security.archlinux.org/ASA-202108-13","reference_id":"ASA-202108-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202108-13"},{"reference_url":"https://security.archlinux.org/AVG-2268","reference_id":"AVG-2268","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2268"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3672","reference_id":"CVE-2021-3672","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3672"},{"reference_url":"https://security.gentoo.org/glsa/202401-02","reference_id":"GLSA-202401-02","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:09:33Z/"}],"url":"https://security.gentoo.org/glsa/202401-02"},{"reference_url":"https://security.gentoo.org/glsa/202405-29","reference_id":"GLSA-202405-29","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202405-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3280","reference_id":"RHSA-2021:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3281","reference_id":"RHSA-2021:3281","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3281"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3623","reference_id":"RHSA-2021:3623","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3623"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3638","reference_id":"RHSA-2021:3638","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3638"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3639","reference_id":"RHSA-2021:3639","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3639"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3666","reference_id":"RHSA-2021:3666","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3666"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:2043","reference_id":"RHSA-2022:2043","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:2043"},{"reference_url":"https://usn.ubuntu.com/5034-1/","reference_id":"USN-5034-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5034-1/"},{"reference_url":"https://usn.ubuntu.com/5034-2/","reference_id":"USN-5034-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5034-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/373569?format=json","purl":"pkg:alpm/archlinux/c-ares@1.17.2-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.2-1"}],"aliases":["CVE-2021-3672"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1xdz-dku3-qqc4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/c-ares@1.17.2-1"}]}