Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1035549?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1035549?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1", "type": "deb", "namespace": "debian", "name": "nginx", "version": "1.6.2-5+deb8u2~bpo70+1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.22.1-9+deb12u4", "latest_non_vulnerable_version": "1.28.3-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14?format=api", "vulnerability_id": "VCID-22cq-z7km-cfdc", "summary": "SSL session reuse vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88128", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88147", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88153", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88163", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88156", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88105", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88121", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403", "reference_id": "1095403", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344005", "reference_id": "2344005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23419", "reference_id": "CVE-2025-23419", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23419" }, { "reference_url": "https://my.f5.com/manage/s/article/K000149173", "reference_id": "K000149173", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T18:12:47Z/" } ], "url": "https://my.f5.com/manage/s/article/K000149173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7331", "reference_id": "RHSA-2025:7331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7331" }, { "reference_url": "https://usn.ubuntu.com/7285-1/", "reference_id": "USN-7285-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7285-1/" }, { "reference_url": "https://usn.ubuntu.com/7285-2/", "reference_id": "USN-7285-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7285-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994844?format=api", "purl": "pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3" } ], "aliases": [ "CVE-2025-23419" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-22cq-z7km-cfdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90808?format=api", "vulnerability_id": "VCID-36pf-ddpb-3khs", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85278", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85203", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85235", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85257", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85266", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.8528", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724" }, { "reference_url": "https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa" }, { "reference_url": "https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210129-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210129-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4750" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950", "reference_id": "964950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11724", "reference_id": "CVE-2020-11724", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11724" }, { "reference_url": "https://usn.ubuntu.com/5371-1/", "reference_id": "USN-5371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-1/" }, { "reference_url": "https://usn.ubuntu.com/5371-3/", "reference_id": "USN-5371-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-11724" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36pf-ddpb-3khs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81680?format=api", "vulnerability_id": "VCID-3ysf-pvuu-47bs", "summary": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98652", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98653", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98656", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98659", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.9866", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98664", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98665", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277", "reference_id": "1790277", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579", "reference_id": "948579", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2817", "reference_id": "RHSA-2020:2817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5495", "reference_id": "RHSA-2020:5495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0778", "reference_id": "RHSA-2021:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0779", "reference_id": "RHSA-2021:0779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0779" }, { "reference_url": "https://usn.ubuntu.com/4235-1/", "reference_id": "USN-4235-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4235-1/" }, { "reference_url": "https://usn.ubuntu.com/4235-2/", "reference_id": "USN-4235-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4235-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-20372" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ysf-pvuu-47bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41?format=api", "vulnerability_id": "VCID-64n7-ygvq-cfds", "summary": "Excessive memory usage in HTTP/2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98063", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98076", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98081", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.9807", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98071", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98075", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644511", "reference_id": "1644511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644511" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090", "reference_id": "913090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16843", "reference_id": "CVE-2018-16843", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3653", "reference_id": "RHSA-2018:3653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3680", "reference_id": "RHSA-2018:3680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3681", "reference_id": "RHSA-2018:3681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "reference_url": "https://usn.ubuntu.com/3812-1/", "reference_id": "USN-3812-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3812-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2018-16843" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64n7-ygvq-cfds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45?format=api", "vulnerability_id": "VCID-9hzg-r1fj-pubf", "summary": "Excessive CPU usage in HTTP/2 with priority changes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91201", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.9125", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91248", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91215", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741", "reference_id": "1735741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513", "reference_id": "CVE-2019-9513", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9513" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9?format=api", "vulnerability_id": "VCID-bana-j1wy-cfdy", "summary": "Excessive CPU usage in HTTP/2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93353", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93386", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93384", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93361", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93369", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93377", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93381", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644510", "reference_id": "1644510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644510" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090", "reference_id": "913090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16844", "reference_id": "CVE-2018-16844", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3680", "reference_id": "RHSA-2018:3680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3681", "reference_id": "RHSA-2018:3681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "reference_url": "https://usn.ubuntu.com/3812-1/", "reference_id": "USN-3812-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3812-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2018-16844" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bana-j1wy-cfdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70179?format=api", "vulnerability_id": "VCID-c4ta-jqmg-wfgf", "summary": "lua-nginx-module: HTTP request smuggling via a crafted HEAD request", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72093", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72089", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.721", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72123", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72108", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72075", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72051", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361691", "reference_id": "2361691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361691" }, { "reference_url": "https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/", "reference_id": "OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T19:26:16Z/" } ], "url": "https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994844?format=api", "purl": "pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3" } ], "aliases": [ "CVE-2024-33452" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ta-jqmg-wfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15?format=api", "vulnerability_id": "VCID-c9ym-ckeq-63dq", "summary": "Memory corruption in the ngx_http_mp4_module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41741", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74876", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74847", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74897", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74895", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74882", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74849", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html" }, { "reference_url": "https://nginx.org/download/patch.2022.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2022.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2022.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2022.mp4.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141495", "reference_id": "2141495", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141495" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/", "reference_id": "BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741", "reference_id": "CVE-2022-41741", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5281", "reference_id": "dsa-5281", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5281" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/", "reference_id": "FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/" }, { "reference_url": "https://support.f5.com/csp/article/K81926432", "reference_id": "K81926432", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://support.f5.com/csp/article/K81926432" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html", "reference_id": "msg00031.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230120-0005/", "reference_id": "ntap-20230120-0005", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7402", "reference_id": "RHSA-2025:7402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7546", "reference_id": "RHSA-2025:7546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7619", "reference_id": "RHSA-2025:7619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7619" }, { "reference_url": "https://usn.ubuntu.com/5722-1/", "reference_id": "USN-5722-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5722-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/", "reference_id": "WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-41741" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ym-ckeq-63dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34?format=api", "vulnerability_id": "VCID-cbn4-utmp-n7ba", "summary": "1-byte memory overwrite in resolver", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98797", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98805", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98804", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98801", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html" }, { "reference_url": "https://nginx.org/download/patch.2021.resolver.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2021.resolver.txt" }, { "reference_url": "https://nginx.org/download/patch.2021.resolver.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2021.resolver.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963121", "reference_id": "1963121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963121" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095", "reference_id": "989095", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095" }, { "reference_url": "https://security.archlinux.org/ASA-202106-36", "reference_id": "ASA-202106-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-36" }, { "reference_url": "https://security.archlinux.org/ASA-202106-48", "reference_id": "ASA-202106-48", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-48" }, { "reference_url": "https://security.archlinux.org/AVG-1987", "reference_id": "AVG-1987", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1987" }, { "reference_url": "https://security.archlinux.org/AVG-1988", "reference_id": "AVG-1988", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1988" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py", "reference_id": "CVE-2021-23017", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017", "reference_id": "CVE-2021-23017", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017" }, { "reference_url": "https://security.gentoo.org/glsa/202105-38", "reference_id": "GLSA-202105-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2258", "reference_id": "RHSA-2021:2258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2259", "reference_id": "RHSA-2021:2259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2278", "reference_id": "RHSA-2021:2278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2290", "reference_id": "RHSA-2021:2290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3653", "reference_id": "RHSA-2021:3653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3851", "reference_id": "RHSA-2021:3851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3925", "reference_id": "RHSA-2021:3925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0323", "reference_id": "RHSA-2022:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0323" }, { "reference_url": "https://usn.ubuntu.com/4967-1/", "reference_id": "USN-4967-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4967-1/" }, { "reference_url": "https://usn.ubuntu.com/4967-2/", "reference_id": "USN-4967-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4967-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-23017" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbn4-utmp-n7ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16?format=api", "vulnerability_id": "VCID-cjx4-a19z-xufq", "summary": "Integer overflow in the range filter", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99689", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99693", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.9969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99691", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.92868", "scoring_system": "epss", "scoring_elements": "0.99768", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "reference_url": "https://nginx.org/download/patch.2017.ranges.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2017.ranges.txt" }, { "reference_url": "https://nginx.org/download/patch.2017.ranges.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2017.ranges.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468584", "reference_id": "1468584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468584" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109", "reference_id": "868109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109" }, { "reference_url": "https://security.archlinux.org/ASA-201707-11", "reference_id": "ASA-201707-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-11" }, { "reference_url": "https://security.archlinux.org/ASA-201707-12", "reference_id": "ASA-201707-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-12" }, { "reference_url": "https://security.archlinux.org/AVG-345", "reference_id": "AVG-345", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-345" }, { "reference_url": "https://security.archlinux.org/AVG-346", "reference_id": "AVG-346", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-346" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", "reference_id": "CVE-2017-7529", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2538", "reference_id": "RHSA-2017:2538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2538" }, { "reference_url": "https://usn.ubuntu.com/3352-1/", "reference_id": "USN-3352-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3352-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036331?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2017-7529" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjx4-a19z-xufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25?format=api", "vulnerability_id": "VCID-dmv4-ydq9-a7eq", "summary": "Excessive CPU usage in HTTP/2 with small window updates", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94283", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94302", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94313", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94292", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860", "reference_id": "1741860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "reference_id": "CVE-2019-9511", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9511" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12?format=api", "vulnerability_id": "VCID-e49f-y1ky-5yb4", "summary": "Insufficient limits of CNAME resolution in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96904", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96872", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96899", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.9688", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96884", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96889", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0747" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589", "reference_id": "1302589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0747", "reference_id": "CVE-2016-0747", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0747" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0747" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e49f-y1ky-5yb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6?format=api", "vulnerability_id": "VCID-eb23-pd25-yqg3", "summary": "Buffer overread in the ngx_http_mp4_module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41622", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.423", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42348", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42355", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42377", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42341", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42358", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html" }, { "reference_url": "https://nginx.org/download/patch.2024.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2024.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2024.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2024.mp4.txt.asc" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971", "reference_id": "1078971", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304966", "reference_id": "2304966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304966" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7347", "reference_id": "CVE-2024-7347", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7347" }, { "reference_url": "https://security.gentoo.org/glsa/202409-32", "reference_id": "GLSA-202409-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-32" }, { "reference_url": "https://my.f5.com/manage/s/article/K000140529", "reference_id": "K000140529", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:27:31Z/" } ], "url": "https://my.f5.com/manage/s/article/K000140529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3261", "reference_id": "RHSA-2025:3261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3262", "reference_id": "RHSA-2025:3262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7402", "reference_id": "RHSA-2025:7402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7542", "reference_id": "RHSA-2025:7542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7546", "reference_id": "RHSA-2025:7546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7548", "reference_id": "RHSA-2025:7548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7549", "reference_id": "RHSA-2025:7549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7619", "reference_id": "RHSA-2025:7619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7619" }, { "reference_url": "https://usn.ubuntu.com/7014-1/", "reference_id": "USN-7014-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7014-1/" }, { "reference_url": "https://usn.ubuntu.com/7014-2/", "reference_id": "USN-7014-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7014-2/" }, { "reference_url": "https://usn.ubuntu.com/7014-3/", "reference_id": "USN-7014-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7014-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994844?format=api", "purl": "pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3" } ], "aliases": [ "CVE-2024-7347" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eb23-pd25-yqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92255?format=api", "vulnerability_id": "VCID-fgaf-wqmd-gqf3", "summary": "nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)", "references": [ { "reference_url": "https://access.redhat.com/security/cve/cve-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2011-4968" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60112", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.59987", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60089", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60059", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6011", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60123", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60145", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4968" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/01/03/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/01/03/8" }, { "reference_url": "http://www.securityfocus.com/bid/57139", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/57139" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940", "reference_id": "697940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4968", "reference_id": "CVE-2011-4968", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4968" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2011-4968" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgaf-wqmd-gqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23?format=api", "vulnerability_id": "VCID-jtgk-h6v6-2fgs", "summary": "Use-after-free during CNAME response processing in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94296", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94335", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94316", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0746" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588", "reference_id": "1302588", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0746", "reference_id": "CVE-2016-0746", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0746" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0746" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtgk-h6v6-2fgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48?format=api", "vulnerability_id": "VCID-kcsp-h1s5-wbea", "summary": "Excessive memory usage in HTTP/2 with zero length headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.8426", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84314", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84319", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84337", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.8433", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84291", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84292", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864", "reference_id": "1741864", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516", "reference_id": "CVE-2019-9516", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2950", "reference_id": "RHSA-2019:2950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9516" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsp-h1s5-wbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44?format=api", "vulnerability_id": "VCID-nckn-qkc8-t7ge", "summary": "Memory disclosure in the ngx_http_mp4_module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90931", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90972", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90981", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90936", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90966", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "reference_url": "https://nginx.org/download/patch.2018.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2018.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2018.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2018.mp4.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644508", "reference_id": "1644508", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644508" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090", "reference_id": "913090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16845", "reference_id": "CVE-2018-16845", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3652", "reference_id": "RHSA-2018:3652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3653", "reference_id": "RHSA-2018:3653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3680", "reference_id": "RHSA-2018:3680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3681", "reference_id": "RHSA-2018:3681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "reference_url": "https://usn.ubuntu.com/3812-1/", "reference_id": "USN-3812-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3812-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2018-16845" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nckn-qkc8-t7ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59738?format=api", "vulnerability_id": "VCID-p933-hxvk-37bk", "summary": "Gentoo's NGINX ebuilds are vulnerable to privilege escalation due\n to the way log files are handled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92947", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92976", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92972", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92977", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92975", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92956", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92961", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.9296", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92968", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390182", "reference_id": "1390182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390182" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295", "reference_id": "842295", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295" }, { "reference_url": "https://security.archlinux.org/ASA-201701-23", "reference_id": "ASA-201701-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-23" }, { "reference_url": "https://security.archlinux.org/ASA-201701-24", "reference_id": "ASA-201701-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-24" }, { "reference_url": "https://security.archlinux.org/AVG-138", "reference_id": "AVG-138", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-138" }, { "reference_url": "https://security.archlinux.org/AVG-139", "reference_id": "AVG-139", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-139" }, { "reference_url": "http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html", "reference_id": "CVE-2016-1247", "reference_type": "exploit", "scores": [], "url": "http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh", "reference_id": "CVE-2016-1247", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh" }, { "reference_url": "https://security.gentoo.org/glsa/201701-22", "reference_id": "GLSA-201701-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-22" }, { "reference_url": "https://usn.ubuntu.com/3114-1/", "reference_id": "USN-3114-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3114-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036331?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-1247" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p933-hxvk-37bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37?format=api", "vulnerability_id": "VCID-qzcz-zvv6-dyda", "summary": "Invalid pointer dereference in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99122", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99113", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99114", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.9912", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99121", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0742" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587", "reference_id": "1302587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0742", "reference_id": "CVE-2016-0742", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0742" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0742" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzcz-zvv6-dyda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10?format=api", "vulnerability_id": "VCID-rsr7-p977-tycc", "summary": "NULL pointer dereference while writing client request body", "references": [ { "reference_url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4450.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88453", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88405", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88445", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88451", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88462", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88454", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88414", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88422", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88426", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "reference_url": "https://nginx.org/download/patch.2016.write2.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2016.write2.txt" }, { "reference_url": "https://nginx.org/download/patch.2016.write2.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2016.write2.txt.asc" }, { "reference_url": "https://nginx.org/download/patch.2016.write.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2016.write.txt" }, { "reference_url": "https://nginx.org/download/patch.2016.write.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2016.write.txt.asc" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3592", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3592" }, { "reference_url": "http://www.securityfocus.com/bid/90967", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90967" }, { "reference_url": "http://www.securitytracker.com/id/1036019", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036019" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2991-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2991-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341462", "reference_id": "1341462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341462" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960", "reference_id": "825960", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4450", "reference_id": "CVE-2016-4450", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4450" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2991-1/", "reference_id": "USN-2991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036331?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-4450" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsr7-p977-tycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80226?format=api", "vulnerability_id": "VCID-u8aq-2qhu-gff5", "summary": "ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69833", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69886", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69902", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69925", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.6991", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69845", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.6986", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69837", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623", "reference_id": "1975623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328", "reference_id": "991328", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329", "reference_id": "991329", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331", "reference_id": "991331", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331" }, { "reference_url": "https://security.archlinux.org/AVG-2101", "reference_id": "AVG-2101", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2101" }, { "reference_url": "https://security.archlinux.org/AVG-2102", "reference_id": "AVG-2102", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2102" }, { "reference_url": "https://security.archlinux.org/AVG-2103", "reference_id": "AVG-2103", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2103" }, { "reference_url": "https://usn.ubuntu.com/5371-1/", "reference_id": "USN-5371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-1/" }, { "reference_url": "https://usn.ubuntu.com/5371-2/", "reference_id": "USN-5371-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-2/" }, { "reference_url": "https://usn.ubuntu.com/6379-1/", "reference_id": "USN-6379-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6379-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-3618" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8aq-2qhu-gff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85848?format=api", "vulnerability_id": "VCID-uqb5-ensa-8yht", "summary": "regression update", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036331?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5" } ], "aliases": [ "DSA-3701-2 nginx" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqb5-ensa-8yht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22?format=api", "vulnerability_id": "VCID-wc3j-5xmu-kyex", "summary": "Memory disclosure in the ngx_http_mp4_module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41742", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.27047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2701", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26855", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26912", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26953", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26906", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26837", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html" }, { "reference_url": "https://nginx.org/download/patch.2022.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2022.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2022.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2022.mp4.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141496", "reference_id": "2141496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141496" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/", "reference_id": "BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41742", "reference_id": "CVE-2022-41742", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41742" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5281", "reference_id": "dsa-5281", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5281" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/", "reference_id": "FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/" }, { "reference_url": "https://support.f5.com/csp/article/K28112382", "reference_id": "K28112382", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://support.f5.com/csp/article/K28112382" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html", "reference_id": "msg00031.html", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230120-0005/", "reference_id": "ntap-20230120-0005", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7402", "reference_id": "RHSA-2025:7402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7546", "reference_id": "RHSA-2025:7546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7619", "reference_id": "RHSA-2025:7619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7619" }, { "reference_url": "https://usn.ubuntu.com/5722-1/", "reference_id": "USN-5722-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5722-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/", "reference_id": "WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-41742" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc3j-5xmu-kyex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94585?format=api", "vulnerability_id": "VCID-y3tg-7fge-1yfy", "summary": "ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.61963", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62034", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62065", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62084", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62102", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62111", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6209", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787", "reference_id": "986787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787" }, { "reference_url": "https://usn.ubuntu.com/5371-1/", "reference_id": "USN-5371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994844?format=api", "purl": "pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3" } ], "aliases": [ "CVE-2020-36309" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3tg-7fge-1yfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83977?format=api", "vulnerability_id": "VCID-yu2j-f4q9-bbcx", "summary": "nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-20005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87118", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87087", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87108", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87128", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87123", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-20005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005" }, { "reference_url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf", "reference_id": "0206ebe76f748bb39d9de4dd4b3fce777fdfdccf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf" }, { "reference_url": "https://trac.nginx.org/nginx/ticket/1368", "reference_id": "1368", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://trac.nginx.org/nginx/ticket/1368" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974192", "reference_id": "1974192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974192" }, { "reference_url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b", "reference_id": "b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b" }, { "reference_url": "http://nginx.org/en/CHANGES", "reference_id": "CHANGES", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "http://nginx.org/en/CHANGES" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html", "reference_id": "msg00009.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0006/", "reference_id": "ntap-20210805-0006", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0006/" }, { "reference_url": "https://usn.ubuntu.com/5109-1/", "reference_id": "USN-5109-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5109-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2017-20005" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yu2j-f4q9-bbcx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12?format=api", "vulnerability_id": "VCID-e49f-y1ky-5yb4", "summary": "Insufficient limits of CNAME resolution in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96904", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96872", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96899", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.9688", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96884", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96889", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0747" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589", "reference_id": "1302589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0747", "reference_id": "CVE-2016-0747", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0747" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035549?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0747" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e49f-y1ky-5yb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23?format=api", "vulnerability_id": "VCID-jtgk-h6v6-2fgs", "summary": "Use-after-free during CNAME response processing in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94296", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94335", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94316", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0746" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588", "reference_id": "1302588", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0746", "reference_id": "CVE-2016-0746", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0746" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035549?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0746" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtgk-h6v6-2fgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37?format=api", "vulnerability_id": "VCID-qzcz-zvv6-dyda", "summary": "Invalid pointer dereference in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99122", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99113", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99114", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.9912", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99121", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0742" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587", "reference_id": "1302587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0742", "reference_id": "CVE-2016-0742", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0742" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035549?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0742" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzcz-zvv6-dyda" } ], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1" }