Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-6raq-jq1v-cyde

Summary

Two vulnerabilities have been found in MCollective, the worst of
    which could lead to privilege escalation.

Aliases

alias	CVE-2014-3251

Fixed_packages

url	pkg:deb/debian/mcollective@2.6.0%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.6.0%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.6.0%252Bdfsg-1%3Fdistro=bullseye

url pkg:deb/debian/mcollective@2.6.0%2Bdfsg-2.1

purl pkg:deb/debian/mcollective@2.6.0%2Bdfsg-2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-casd-wvax-8yde

vulnerability	VCID-e88t-j5b4-s7ba

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.6.0%252Bdfsg-2.1

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1%3Fdistro=bullseye

url	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
purl	pkg:deb/debian/mcollective@2.12.5%2Bdfsg-1.1?distro=bullseye
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.12.5%252Bdfsg-1.1%3Fdistro=bullseye

url	pkg:ebuild/app-admin/mcollective@2.5.3
purl	pkg:ebuild/app-admin/mcollective@2.5.3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/app-admin/mcollective@2.5.3

Affected_packages

url pkg:deb/debian/mcollective@2.0.0%2Bdfsg-2

purl pkg:deb/debian/mcollective@2.0.0%2Bdfsg-2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-6raq-jq1v-cyde

vulnerability	VCID-7ypq-wmb7-quhc

vulnerability	VCID-casd-wvax-8yde

vulnerability	VCID-e88t-j5b4-s7ba

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/mcollective@2.0.0%252Bdfsg-2

References

reference_url	http://puppetlabs.com/security/cve/cve-2014-3251
reference_id
reference_type
scores
url	http://puppetlabs.com/security/cve/cve-2014-3251

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3251.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3251.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3251

reference_id

reference_type

scores

value	0.00027
scoring_system	epss
scoring_elements	0.07745
published_at	2026-05-14T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07324
published_at	2026-04-01T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07436
published_at	2026-04-02T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07478
published_at	2026-04-04T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0746
published_at	2026-04-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07517
published_at	2026-04-08T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.0754
published_at	2026-04-09T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07542
published_at	2026-04-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07528
published_at	2026-04-12T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07515
published_at	2026-04-13T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07437
published_at	2026-04-16T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07427
published_at	2026-04-18T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07556
published_at	2026-04-21T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07516
published_at	2026-04-24T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07507
published_at	2026-04-26T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07476
published_at	2026-04-29T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07469
published_at	2026-05-05T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07615
published_at	2026-05-07T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07685
published_at	2026-05-09T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07679
published_at	2026-05-11T12:55:00Z

value	0.00027
scoring_system	epss
scoring_elements	0.07701
published_at	2026-05-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3251

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3251
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3251

reference_url	http://secunia.com/advisories/59356
reference_id
reference_type
scores
url	http://secunia.com/advisories/59356

reference_url	http://secunia.com/advisories/60066
reference_id
reference_type
scores
url	http://secunia.com/advisories/60066

reference_url	http://www.osvdb.org/109257
reference_id
reference_type
scores
url	http://www.osvdb.org/109257

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1105713
reference_id	1105713
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1105713

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758701
reference_id	758701
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=758701

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:mcollective:-:::::::*
reference_id	cpe:2.3:a:puppetlabs:mcollective:-:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppetlabs:mcollective:-:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise::::::::
reference_id	cpe:2.3:a:puppet:puppet_enterprise::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:puppet:puppet_enterprise::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3251

reference_id

CVE-2014-3251

reference_type

scores

value	4.4
scoring_system	cvssv2
scoring_elements	AV:L/AC:M/Au:N/C:P/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3251

reference_url	https://security.gentoo.org/glsa/201412-15
reference_id	GLSA-201412-15
reference_type
scores
url	https://security.gentoo.org/glsa/201412-15

Weaknesses

cwe_id	348
name	Use of Less Trusted Source
description	The product has two different sources of the same data or information, but it uses the source that has less support for verification, is less trusted, or is less resistant to attack.

cwe_id	362
name	Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
description	The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.

Exploits

Severity_range_score 4.4 - 4.4

Exploitability 0.5

Weighted_severity 4.0

Risk_score 2.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6raq-jq1v-cyde

Vulnerability Instance