Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-tq7z-791w-pfgc
Vulnerability ID VCID-tq7z-791w-pfgc
Aliases CVE-2016-3115
Summary
Status Published
Exploitability 2.0
Weighted Severity 5.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
cvssv3.1 6.4 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
ssvc Track http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
cvssv3.1 6.4 http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
ssvc Track http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
cvssv3.1 6.4 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
ssvc Track http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
cvssv3.1 6.4 http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
ssvc Track http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
cvssv3.1 6.4 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
ssvc Track http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
cvssv3.1 6.4 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
ssvc Track http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
cvssv3.1 6.4 http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
ssvc Track http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
cvssv3.1 6.4 http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
ssvc Track http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
cvssv3.1 6.4 http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
ssvc Track http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
cvssv3.1 6.4 http://rhn.redhat.com/errata/RHSA-2016-0465.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2016-0465.html
cvssv3.1 6.4 http://rhn.redhat.com/errata/RHSA-2016-0466.html
ssvc Track http://rhn.redhat.com/errata/RHSA-2016-0466.html
epss 0.50367 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
epss 0.50367 https://api.first.org/data/v1/epss?cve=CVE-2016-3115
cvssv3.1 6.4 https://bto.bluecoat.com/security-advisory/sa121
ssvc Track https://bto.bluecoat.com/security-advisory/sa121
cvssv3.1 6.4 http://seclists.org/fulldisclosure/2016/Mar/46
ssvc Track http://seclists.org/fulldisclosure/2016/Mar/46
cvssv3.1 6.4 http://seclists.org/fulldisclosure/2016/Mar/47
ssvc Track http://seclists.org/fulldisclosure/2016/Mar/47
cvssv2 4.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 6.4 https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
ssvc Track https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
cvssv3.1 6.4 https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
ssvc Track https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
cvssv3.1 6.4 https://security.gentoo.org/glsa/201612-18
ssvc Track https://security.gentoo.org/glsa/201612-18
cvssv3.1 6.4 https://www.exploit-db.com/exploits/39569/
ssvc Track https://www.exploit-db.com/exploits/39569/
cvssv3.1 6.4 https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
ssvc Track https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
cvssv3.1 6.4 http://www.openssh.com/txt/x11fwd.adv
ssvc Track http://www.openssh.com/txt/x11fwd.adv
cvssv3.1 6.4 http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
ssvc Track http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
cvssv3.1 6.4 http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
ssvc Track http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
cvssv3.1 6.4 http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
ssvc Track http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
cvssv3.1 6.4 http://www.securityfocus.com/bid/84314
ssvc Track http://www.securityfocus.com/bid/84314
cvssv3.1 6.4 http://www.securitytracker.com/id/1035249
ssvc Track http://www.securitytracker.com/id/1035249
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-3115.json
https://api.first.org/data/v1/epss?cve=CVE-2016-3115
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3115
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1035249 http://www.securitytracker.com/id/1035249
1316829 https://bugzilla.redhat.com/show_bug.cgi?id=1316829
178838.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
179924.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
180491.html http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
183101.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
183122.html http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
184264.html http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
201612-18 https://security.gentoo.org/glsa/201612-18
39569 https://www.exploit-db.com/exploits/39569/
46 http://seclists.org/fulldisclosure/2016/Mar/46
47 http://seclists.org/fulldisclosure/2016/Mar/47
84314 http://www.securityfocus.com/bid/84314
bulletinapr2016-2952098.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
cve-2016-3115 https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
CVE-2016-3115 Exploit https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115
CVE-2016-3115 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/39569.py
FreeBSD-SA-16:14.openssh.asc https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
linuxbulletinapr2016-2952096.html http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
msg00010.html https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
ovmbulletinjul2016-3090546.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
RHSA-2016:0465 https://access.redhat.com/errata/RHSA-2016:0465
RHSA-2016-0465.html http://rhn.redhat.com/errata/RHSA-2016-0465.html
RHSA-2016:0466 https://access.redhat.com/errata/RHSA-2016:0466
RHSA-2016-0466.html http://rhn.redhat.com/errata/RHSA-2016-0466.html
sa121 https://bto.bluecoat.com/security-advisory/sa121
session.c http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
session.c.diff?r1=1.281&r2=1.282&f=h http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
USN-2966-1 https://usn.ubuntu.com/2966-1/
x11fwd.adv http://www.openssh.com/txt/x11fwd.adv
Data source Exploit-DB
Date added March 16, 2016
Description OpenSSH 7.2p1 - (Authenticated) xauth Command Injection
Ransomware campaign use Unknown
Source publication date March 16, 2016
Exploit type remote
Platform multiple
Source update date Jan. 11, 2018
Source URL https://github.com/tintinweb/pub/tree/e8fe09e2123f07f09e3f8e34fc4e3e58fe804fd4/pocs/cve-2016-3115
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/session.c.diff?r1=1.281&r2=1.282&f=h
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183101.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-April/183122.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-March/178838.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179924.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-March/180491.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://lists.fedoraproject.org/pipermail/package-announce/2016-May/184264.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://packetstormsecurity.com/files/136234/OpenSSH-7.2p1-xauth-Command-Injection-Bypass.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0465.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-0465.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://rhn.redhat.com/errata/RHSA-2016-0466.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://rhn.redhat.com/errata/RHSA-2016-0466.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://bto.bluecoat.com/security-advisory/sa121
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at https://bto.bluecoat.com/security-advisory/sa121
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2016/Mar/46
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://seclists.org/fulldisclosure/2016/Mar/46
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://seclists.org/fulldisclosure/2016/Mar/47
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://seclists.org/fulldisclosure/2016/Mar/47
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-3115
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at https://lists.debian.org/debian-lts-announce/2018/09/msg00010.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://security.gentoo.org/glsa/201612-18
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at https://security.gentoo.org/glsa/201612-18
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://www.exploit-db.com/exploits/39569/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at https://www.exploit-db.com/exploits/39569/
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at https://www.freebsd.org/security/advisories/FreeBSD-SA-16:14.openssh.asc
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://www.openssh.com/txt/x11fwd.adv
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://www.openssh.com/txt/x11fwd.adv
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://www.securityfocus.com/bid/84314
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://www.securityfocus.com/bid/84314
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N Found at http://www.securitytracker.com/id/1035249
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T20:26:37Z/ Found at http://www.securitytracker.com/id/1035249
Exploit Prediction Scoring System (EPSS)
Percentile 0.97901
EPSS Score 0.50367
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:05:15.174580+00:00 SUSE Severity Score Importer Import https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml 38.6.0