Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/1037931?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "type": "deb", "namespace": "debian", "name": "nss", "version": "2:3.42.1-1+deb10u5", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:3.87.1-1+deb12u2", "latest_non_vulnerable_version": "2:3.87.1-1+deb12u2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63103?format=api", "vulnerability_id": "VCID-2zrv-q4tb-wqeg", "summary": "The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks.\nBoth the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel.\nBy sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key.\nThe issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4421.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4421.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4421", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.4514", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45171", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45138", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45132", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45154", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45096", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00224", "scoring_system": "epss", "scoring_elements": "0.45149", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-4421" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4421", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4421" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238677", "reference_id": "2238677", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2238677" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-53", "reference_id": "mfsa2023-53", "reference_type": "", "scores": [ { "value": "none", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-53" }, { "reference_url": "https://usn.ubuntu.com/6727-1/", "reference_id": "USN-6727-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6727-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-4421" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2zrv-q4tb-wqeg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44219?format=api", "vulnerability_id": "VCID-46cy-x3cp-tke5", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0743.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0743.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0743", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76033", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.75979", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76039", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76062", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76037", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76023", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.7599", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76011", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-0743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260012", "reference_id": "2260012", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2260012" }, { "reference_url": "https://security.gentoo.org/glsa/202402-26", "reference_id": "GLSA-202402-26", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202402-26" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-01", "reference_id": "mfsa2024-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-01/", "reference_id": "mfsa2024-01", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-13", "reference_id": "mfsa2024-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-13/", "reference_id": "mfsa2024-13", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-14", "reference_id": "mfsa2024-14", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-14" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-14/", "reference_id": "mfsa2024-14", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-14/" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html", "reference_id": "msg00010.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html", "reference_id": "msg00022.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html", "reference_id": "msg00028.html", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1483", "reference_id": "RHSA-2024:1483", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1483" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1484", "reference_id": "RHSA-2024:1484", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1484" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1485", "reference_id": "RHSA-2024:1485", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1485" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1486", "reference_id": "RHSA-2024:1486", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1486" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1487", "reference_id": "RHSA-2024:1487", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1487" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1488", "reference_id": "RHSA-2024:1488", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1488" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1489", "reference_id": "RHSA-2024:1489", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1489" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1490", "reference_id": "RHSA-2024:1490", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1490" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1491", "reference_id": "RHSA-2024:1491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1492", "reference_id": "RHSA-2024:1492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1493", "reference_id": "RHSA-2024:1493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1494", "reference_id": "RHSA-2024:1494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1495", "reference_id": "RHSA-2024:1495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1496", "reference_id": "RHSA-2024:1496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1497", "reference_id": "RHSA-2024:1497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1498", "reference_id": "RHSA-2024:1498", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1498" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1499", "reference_id": "RHSA-2024:1499", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1499" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1500", "reference_id": "RHSA-2024:1500", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1500" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408", "reference_id": "show_bug.cgi?id=1867408", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1867408" }, { "reference_url": "https://usn.ubuntu.com/6610-1/", "reference_id": "USN-6610-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6610-1/" }, { "reference_url": "https://usn.ubuntu.com/6717-1/", "reference_id": "USN-6717-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6717-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994642?format=api", "purl": "pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-gret-hn3p-5kbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1" } ], "aliases": [ "CVE-2024-0743" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46cy-x3cp-tke5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63130?format=api", "vulnerability_id": "VCID-6fvj-phnx-kfgs", "summary": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75599", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75663", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75657", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75682", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75601", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75632", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75646", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791225", "reference_id": "1791225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791225" }, { "reference_url": "https://security.archlinux.org/ASA-202001-1", "reference_id": "ASA-202001-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202001-1" }, { "reference_url": "https://security.archlinux.org/AVG-1084", "reference_id": "AVG-1084", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1084" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01", "reference_id": "mfsa2020-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3280", "reference_id": "RHSA-2020:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4234-1/", "reference_id": "USN-4234-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4234-1/" }, { "reference_url": "https://usn.ubuntu.com/4397-1/", "reference_id": "USN-4397-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4397-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17023" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fvj-phnx-kfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81704?format=api", "vulnerability_id": "VCID-7msj-wyd6-zkbe", "summary": "nss: Check length of inputs for cryptographic primitives", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86605", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86636", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86654", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86664", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86677", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86675", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86668", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775916", "reference_id": "1775916", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3280", "reference_id": "RHSA-2020:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0758", "reference_id": "RHSA-2021:0758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0876", "reference_id": "RHSA-2021:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1026", "reference_id": "RHSA-2021:1026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1026" }, { "reference_url": "https://usn.ubuntu.com/4231-1/", "reference_id": "USN-4231-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4231-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17006" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7msj-wyd6-zkbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32064?format=api", "vulnerability_id": "VCID-8qtg-h4km-bfg2", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11719.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11719.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11719", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.6355", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63534", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63517", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63413", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63465", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.63473", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00447", "scoring_system": "epss", "scoring_elements": "0.635", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11719" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728436", "reference_id": "1728436", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728436" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://security.gentoo.org/glsa/201908-12", "reference_id": "GLSA-201908-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-12" }, { "reference_url": "https://security.gentoo.org/glsa/201908-20", "reference_id": "GLSA-201908-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22", "reference_id": "mfsa2019-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23", "reference_id": "mfsa2019-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1951", "reference_id": "RHSA-2019:1951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4054-1/", "reference_id": "USN-4054-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4054-1/" }, { "reference_url": "https://usn.ubuntu.com/4060-1/", "reference_id": "USN-4060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4060-1/" }, { "reference_url": "https://usn.ubuntu.com/4060-2/", "reference_id": "USN-4060-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4060-2/" }, { "reference_url": "https://usn.ubuntu.com/4064-1/", "reference_id": "USN-4064-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4064-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11719" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-8qtg-h4km-bfg2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33937?format=api", "vulnerability_id": "VCID-cgvg-aj53-kkbp", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0767.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0767.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0767", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50523", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.505", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50477", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50481", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50484", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.5043", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0027", "scoring_system": "epss", "scoring_elements": "0.50485", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-0767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170377", "reference_id": "2170377", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2170377" }, { "reference_url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html", "reference_id": "ALAS-2023-1992.html", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/" } ], "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html" }, { "reference_url": "https://security.gentoo.org/glsa/202305-35", "reference_id": "GLSA-202305-35", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202305-35" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-05", "reference_id": "mfsa2023-05", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-05" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-05/", "reference_id": "mfsa2023-05", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-05/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-06", "reference_id": "mfsa2023-06", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-06" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-06/", "reference_id": "mfsa2023-06", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-06/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-07", "reference_id": "mfsa2023-07", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2023-07" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2023-07/", "reference_id": "mfsa2023-07", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2023-07/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1252", "reference_id": "RHSA-2023:1252", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1252" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1332", "reference_id": "RHSA-2023:1332", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1365", "reference_id": "RHSA-2023:1365", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1365" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1366", "reference_id": "RHSA-2023:1366", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1366" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1368", "reference_id": "RHSA-2023:1368", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1368" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1369", "reference_id": "RHSA-2023:1369", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1369" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1370", "reference_id": "RHSA-2023:1370", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1370" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1406", "reference_id": "RHSA-2023:1406", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1406" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1436", "reference_id": "RHSA-2023:1436", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1436" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1442", "reference_id": "RHSA-2023:1442", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1442" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1443", "reference_id": "RHSA-2023:1443", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1443" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1444", "reference_id": "RHSA-2023:1444", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1444" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1445", "reference_id": "RHSA-2023:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1472", "reference_id": "RHSA-2023:1472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1479", "reference_id": "RHSA-2023:1479", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1479" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1677", "reference_id": "RHSA-2023:1677", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1677" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804640", "reference_id": "show_bug.cgi?id=1804640", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1804640" }, { "reference_url": "https://usn.ubuntu.com/5880-1/", "reference_id": "USN-5880-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5880-1/" }, { "reference_url": "https://usn.ubuntu.com/5892-1/", "reference_id": "USN-5892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5892-1/" }, { "reference_url": "https://usn.ubuntu.com/5892-2/", "reference_id": "USN-5892-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5892-2/" }, { "reference_url": "https://usn.ubuntu.com/5943-1/", "reference_id": "USN-5943-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5943-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2023-0767" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cgvg-aj53-kkbp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62052?format=api", "vulnerability_id": "VCID-ewe9-39b1-kba2", "summary": "A vulnerability in NSS might allow remote attackers to cause a\n Denial of Service condition.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25648.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25648.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25648", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27152", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27192", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27229", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27022", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27091", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27137", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27141", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27097", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.2704", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-25648" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319", "reference_id": "1887319", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1887319" }, { "reference_url": "https://security.gentoo.org/glsa/202012-21", "reference_id": "GLSA-202012-21", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-21" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1384", "reference_id": "RHSA-2021:1384", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1384" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3572", "reference_id": "RHSA-2021:3572", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3572" }, { "reference_url": "https://usn.ubuntu.com/5410-1/", "reference_id": "USN-5410-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5410-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-25648" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ewe9-39b1-kba2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32066?format=api", "vulnerability_id": "VCID-hs5f-21nx-gfeb", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11729.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11729.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11729", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67967", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67949", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67927", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67978", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67991", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.68001", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.67907", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0055", "scoring_system": "epss", "scoring_elements": "0.6793", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11729" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728437", "reference_id": "1728437", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1728437" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://security.gentoo.org/glsa/201908-12", "reference_id": "GLSA-201908-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-12" }, { "reference_url": "https://security.gentoo.org/glsa/201908-20", "reference_id": "GLSA-201908-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22", "reference_id": "mfsa2019-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23", "reference_id": "mfsa2019-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1951", "reference_id": "RHSA-2019:1951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4190", "reference_id": "RHSA-2019:4190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4190" }, { "reference_url": "https://usn.ubuntu.com/4054-1/", "reference_id": "USN-4054-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4054-1/" }, { "reference_url": "https://usn.ubuntu.com/4060-1/", "reference_id": "USN-4060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4060-1/" }, { "reference_url": "https://usn.ubuntu.com/4060-2/", "reference_id": "USN-4060-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4060-2/" }, { "reference_url": "https://usn.ubuntu.com/4064-1/", "reference_id": "USN-4064-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4064-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11729" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5f-21nx-gfeb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56913?format=api", "vulnerability_id": "VCID-jrsz-ynp7-wbb2", "summary": "Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89971", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89976", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89984", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0538", "scoring_system": "epss", "scoring_elements": "0.9008", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0538", "scoring_system": "epss", "scoring_elements": "0.90065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0538", "scoring_system": "epss", "scoring_elements": "0.90068", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024370", "reference_id": "2024370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024370" }, { "reference_url": "https://security.archlinux.org/ASA-202112-3", "reference_id": "ASA-202112-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202112-3" }, { "reference_url": "https://security.archlinux.org/ASA-202112-4", "reference_id": "ASA-202112-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202112-4" }, { "reference_url": "https://security.archlinux.org/AVG-2596", "reference_id": "AVG-2596", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2596" }, { "reference_url": "https://security.archlinux.org/AVG-2597", "reference_id": "AVG-2597", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2597" }, { "reference_url": "https://security.gentoo.org/glsa/202212-05", "reference_id": "GLSA-202212-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51", "reference_id": "mfsa2021-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4903", "reference_id": "RHSA-2021:4903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4904", "reference_id": "RHSA-2021:4904", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4907", "reference_id": "RHSA-2021:4907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4909", "reference_id": "RHSA-2021:4909", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4919", "reference_id": "RHSA-2021:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4932", "reference_id": "RHSA-2021:4932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4933", "reference_id": "RHSA-2021:4933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4946", "reference_id": "RHSA-2021:4946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4953", "reference_id": "RHSA-2021:4953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4954", "reference_id": "RHSA-2021:4954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4969", "reference_id": "RHSA-2021:4969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4994", "reference_id": "RHSA-2021:4994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5006", "reference_id": "RHSA-2021:5006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5035", "reference_id": "RHSA-2021:5035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5035" }, { "reference_url": "https://usn.ubuntu.com/5168-1/", "reference_id": "USN-5168-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5168-1/" }, { "reference_url": "https://usn.ubuntu.com/5168-2/", "reference_id": "USN-5168-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5168-2/" }, { "reference_url": "https://usn.ubuntu.com/5168-3/", "reference_id": "USN-5168-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5168-3/" }, { "reference_url": "https://usn.ubuntu.com/5168-4/", "reference_id": "USN-5168-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5168-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43527" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrsz-ynp7-wbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61777?format=api", "vulnerability_id": "VCID-k2s2-zkua-8ydy", "summary": "NSS has an information disclosure vulnerability when handling DSA\n keys.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26737", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2693", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26718", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26787", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26836", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26794", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26854", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26895", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826177", "reference_id": "1826177", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826177" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752", "reference_id": "961752", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752" }, { "reference_url": "https://security.archlinux.org/ASA-202006-1", "reference_id": "ASA-202006-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-1" }, { "reference_url": "https://security.archlinux.org/ASA-202006-4", "reference_id": "ASA-202006-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-4" }, { "reference_url": "https://security.archlinux.org/AVG-1173", "reference_id": "AVG-1173", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1173" }, { "reference_url": "https://security.archlinux.org/AVG-1179", "reference_id": "AVG-1179", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1179" }, { "reference_url": "https://security.gentoo.org/glsa/202007-49", "reference_id": "GLSA-202007-49", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-49" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20", "reference_id": "mfsa2020-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21", "reference_id": "mfsa2020-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22", "reference_id": "mfsa2020-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3280", "reference_id": "RHSA-2020:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3280" }, { "reference_url": "https://usn.ubuntu.com/4383-1/", "reference_id": "USN-4383-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4383-1/" }, { "reference_url": "https://usn.ubuntu.com/4397-1/", "reference_id": "USN-4397-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4397-1/" }, { "reference_url": "https://usn.ubuntu.com/4397-2/", "reference_id": "USN-4397-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4397-2/" }, { "reference_url": "https://usn.ubuntu.com/4421-1/", "reference_id": "USN-4421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12399" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2s2-zkua-8ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39135?format=api", "vulnerability_id": "VCID-k4a4-f1as-x3bj", "summary": "NSS has multiple information disclosure vulnerabilities when\n handling secret key material.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12400.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12400.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12400", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35057", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35115", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35082", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.34934", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35132", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35161", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.3504", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35085", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00147", "scoring_system": "epss", "scoring_elements": "0.35111", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12400" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853983", "reference_id": "1853983", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1853983" }, { "reference_url": "https://security.gentoo.org/glsa/202008-08", "reference_id": "GLSA-202008-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0538", "reference_id": "RHSA-2021:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4455-1/", "reference_id": "USN-4455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4455-1/" }, { "reference_url": "https://usn.ubuntu.com/4474-1/", "reference_id": "USN-4474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4474-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12400" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k4a4-f1as-x3bj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63133?format=api", "vulnerability_id": "VCID-mx8t-s47w-wud5", "summary": "When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6829.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6829.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6829", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69005", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69049", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69034", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.6894", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68958", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68978", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.68957", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69007", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00584", "scoring_system": "epss", "scoring_elements": "0.69027", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-6829" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826187", "reference_id": "1826187", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826187" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0538", "reference_id": "RHSA-2021:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4455-1/", "reference_id": "USN-4455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4455-1/" }, { "reference_url": "https://usn.ubuntu.com/4474-1/", "reference_id": "USN-4474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4474-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-6829" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mx8t-s47w-wud5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/57336?format=api", "vulnerability_id": "VCID-paez-g9wh-mfeq", "summary": "Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6609", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68638", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68664", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68707", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68614", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.6862", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68683", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00572", "scoring_system": "epss", "scoring_elements": "0.68665", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6609" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6609", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6609" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://security.gentoo.org/glsa/202412-04", "reference_id": "GLSA-202412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-04" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-29", "reference_id": "mfsa2024-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-29/", "reference_id": "mfsa2024-29", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-29/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-32", "reference_id": "mfsa2024-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-32/", "reference_id": "mfsa2024-32", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-32/" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839258", "reference_id": "show_bug.cgi?id=1839258", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1839258" }, { "reference_url": "https://usn.ubuntu.com/6890-1/", "reference_id": "USN-6890-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6890-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994642?format=api", "purl": "pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-gret-hn3p-5kbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1" } ], "aliases": [ "CVE-2024-6609" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-paez-g9wh-mfeq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39137?format=api", "vulnerability_id": "VCID-rk7t-zjzg-eqar", "summary": "NSS has multiple information disclosure vulnerabilities when\n handling secret key material.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12401.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12401.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12401", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40566", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40604", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40585", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40514", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40595", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40622", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00187", "scoring_system": "epss", "scoring_elements": "0.40544", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12401" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851294", "reference_id": "1851294", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1851294" }, { "reference_url": "https://security.gentoo.org/glsa/202008-08", "reference_id": "GLSA-202008-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-08" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0538", "reference_id": "RHSA-2021:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4455-1/", "reference_id": "USN-4455-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4455-1/" }, { "reference_url": "https://usn.ubuntu.com/4474-1/", "reference_id": "USN-4474-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4474-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12401" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rk7t-zjzg-eqar" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39140?format=api", "vulnerability_id": "VCID-szzk-wxm2-cfgj", "summary": "NSS has multiple information disclosure vulnerabilities when\n handling secret key material.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12403.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12403.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12403", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70331", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70344", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70361", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70339", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70385", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.704", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70424", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70408", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00635", "scoring_system": "epss", "scoring_elements": "0.70394", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12403" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12403", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12403" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868931", "reference_id": "1868931", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868931" }, { "reference_url": "https://security.gentoo.org/glsa/202008-08", "reference_id": "GLSA-202008-08", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202008-08" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0538", "reference_id": "RHSA-2021:0538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0538" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0758", "reference_id": "RHSA-2021:0758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0876", "reference_id": "RHSA-2021:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1026", "reference_id": "RHSA-2021:1026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1026" }, { "reference_url": "https://usn.ubuntu.com/4476-1/", "reference_id": "USN-4476-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4476-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12403" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-szzk-wxm2-cfgj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33641?format=api", "vulnerability_id": "VCID-vjas-pry4-93cz", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox, the\n worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28122", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28129", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28086", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28102", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28174", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28012", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28079", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826231", "reference_id": "1826231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152", "reference_id": "963152", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152" }, { "reference_url": "https://security.gentoo.org/glsa/202007-10", "reference_id": "GLSA-202007-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-24", "reference_id": "mfsa2020-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-24" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29", "reference_id": "mfsa2020-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3280", "reference_id": "RHSA-2020:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4417-1/", "reference_id": "USN-4417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4417-1/" }, { "reference_url": "https://usn.ubuntu.com/4417-2/", "reference_id": "USN-4417-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4417-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12402" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjas-pry4-93cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/62742?format=api", "vulnerability_id": "VCID-vszp-vyxy-f7g7", "summary": "Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15358", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15422", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15461", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15497", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15489", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.15447", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1536", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0005", "scoring_system": "epss", "scoring_elements": "0.1556", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-2781" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442292", "reference_id": "2442292", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2442292" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-13" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-13/", "reference_id": "mfsa2026-13", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-13/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-15" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-15/", "reference_id": "mfsa2026-15", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-15/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-16" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-16/", "reference_id": "mfsa2026-16", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-16/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2026-17" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2026-17/", "reference_id": "mfsa2026-17", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2026-17/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3338", "reference_id": "RHSA-2026:3338", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3339", "reference_id": "RHSA-2026:3339", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3361", "reference_id": "RHSA-2026:3361", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3361" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3491", "reference_id": "RHSA-2026:3491", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3491" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3492", "reference_id": "RHSA-2026:3492", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3492" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3493", "reference_id": "RHSA-2026:3493", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3493" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3494", "reference_id": "RHSA-2026:3494", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3494" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3495", "reference_id": "RHSA-2026:3495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3496", "reference_id": "RHSA-2026:3496", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3496" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3497", "reference_id": "RHSA-2026:3497", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3497" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3515", "reference_id": "RHSA-2026:3515", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3515" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3516", "reference_id": "RHSA-2026:3516", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3517", "reference_id": "RHSA-2026:3517", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3517" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3976", "reference_id": "RHSA-2026:3976", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3976" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3978", "reference_id": "RHSA-2026:3978", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3978" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3979", "reference_id": "RHSA-2026:3979", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3980", "reference_id": "RHSA-2026:3980", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3980" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3981", "reference_id": "RHSA-2026:3981", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3981" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3982", "reference_id": "RHSA-2026:3982", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3982" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3983", "reference_id": "RHSA-2026:3983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:3984", "reference_id": "RHSA-2026:3984", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:3984" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4022", "reference_id": "RHSA-2026:4022", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4022" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4152", "reference_id": "RHSA-2026:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4260", "reference_id": "RHSA-2026:4260", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4260" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:4432", "reference_id": "RHSA-2026:4432", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:4432" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009552", "reference_id": "show_bug.cgi?id=2009552", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=2009552" }, { "reference_url": "https://usn.ubuntu.com/8071-1/", "reference_id": "USN-8071-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8071-1/" }, { "reference_url": "https://usn.ubuntu.com/8071-2/", "reference_id": "USN-8071-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8071-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994642?format=api", "purl": "pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-gret-hn3p-5kbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1" } ], "aliases": [ "CVE-2026-2781" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vszp-vyxy-f7g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31920?format=api", "vulnerability_id": "VCID-vzb9-aeqz-hybr", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74133", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74105", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74137", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74152", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74174", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74155", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74101", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74107", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774831", "reference_id": "1774831", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774831" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://security.gentoo.org/glsa/202003-02", "reference_id": "GLSA-202003-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-02" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://security.gentoo.org/glsa/202003-37", "reference_id": "GLSA-202003-37", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4114", "reference_id": "RHSA-2019:4114", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4114" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4152", "reference_id": "RHSA-2019:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4190", "reference_id": "RHSA-2019:4190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0243", "reference_id": "RHSA-2020:0243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0466", "reference_id": "RHSA-2020:0466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1267", "reference_id": "RHSA-2020:1267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1345", "reference_id": "RHSA-2020:1345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1461", "reference_id": "RHSA-2020:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1461" }, { "reference_url": "https://usn.ubuntu.com/4203-1/", "reference_id": "USN-4203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4203-1/" }, { "reference_url": "https://usn.ubuntu.com/4203-2/", "reference_id": "USN-4203-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4203-2/" }, { "reference_url": "https://usn.ubuntu.com/4216-1/", "reference_id": "USN-4216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-1/" }, { "reference_url": "https://usn.ubuntu.com/4216-2/", "reference_id": "USN-4216-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-2/" }, { "reference_url": "https://usn.ubuntu.com/4241-1/", "reference_id": "USN-4241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4241-1/" }, { "reference_url": "https://usn.ubuntu.com/4335-1/", "reference_id": "USN-4335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4335-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11745" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzb9-aeqz-hybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36103?format=api", "vulnerability_id": "VCID-w794-gqex-83du", "summary": "Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6602.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6602.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6602", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.7349", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.73497", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.73448", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.73493", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.7348", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.73443", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.73471", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00768", "scoring_system": "epss", "scoring_elements": "0.73517", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-6602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7652", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7652" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296637", "reference_id": "2296637", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2296637" }, { "reference_url": "https://security.gentoo.org/glsa/202412-04", "reference_id": "GLSA-202412-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-04" }, { "reference_url": "https://security.gentoo.org/glsa/202412-06", "reference_id": "GLSA-202412-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-06" }, { "reference_url": "https://security.gentoo.org/glsa/202412-13", "reference_id": "GLSA-202412-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202412-13" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-29", "reference_id": "mfsa2024-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-29" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-29/", "reference_id": "mfsa2024-29", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-29/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-30", "reference_id": "mfsa2024-30", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-30" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-30/", "reference_id": "mfsa2024-30", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-30/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-31", "reference_id": "mfsa2024-31", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-31" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-31/", "reference_id": "mfsa2024-31", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-31/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-32", "reference_id": "mfsa2024-32", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2024-32" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2024-32/", "reference_id": "mfsa2024-32", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2024-32/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4625", "reference_id": "RHSA-2024:4625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4670", "reference_id": "RHSA-2024:4670", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4670" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4671", "reference_id": "RHSA-2024:4671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4717", "reference_id": "RHSA-2024:4717", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4717" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4718", "reference_id": "RHSA-2024:4718", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4718" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:4894", "reference_id": "RHSA-2024:4894", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:4894" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:6839", "reference_id": "RHSA-2024:6839", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:6839" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895032", "reference_id": "show_bug.cgi?id=1895032", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1895032" }, { "reference_url": "https://usn.ubuntu.com/6890-1/", "reference_id": "USN-6890-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6890-1/" }, { "reference_url": "https://usn.ubuntu.com/6903-1/", "reference_id": "USN-6903-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6903-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994642?format=api", "purl": "pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-gret-hn3p-5kbk" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1" } ], "aliases": [ "CVE-2024-6602" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w794-gqex-83du" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/36427?format=api", "vulnerability_id": "VCID-wavp-f4kn-j3cm", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox, the\n worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11727.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11727.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11727", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48111", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48106", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48101", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48124", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.481", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48045", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48082", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48103", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00248", "scoring_system": "epss", "scoring_elements": "0.48053", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11727" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730988", "reference_id": "1730988", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1730988" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://security.gentoo.org/glsa/201908-12", "reference_id": "GLSA-201908-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201908-12" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1951", "reference_id": "RHSA-2019:1951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4054-1/", "reference_id": "USN-4054-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4054-1/" }, { "reference_url": "https://usn.ubuntu.com/4060-1/", "reference_id": "USN-4060-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4060-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11727" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wavp-f4kn-j3cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82699?format=api", "vulnerability_id": "VCID-x1ty-wqph-gkak", "summary": "nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53893", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.5391", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53938", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53913", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53965", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53964", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54011", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53976", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703979", "reference_id": "1703979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1951", "reference_id": "RHSA-2019:1951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2237", "reference_id": "RHSA-2019:2237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0876", "reference_id": "RHSA-2021:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0876" }, { "reference_url": "https://usn.ubuntu.com/4215-1/", "reference_id": "USN-4215-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4215-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17007" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ty-wqph-gkak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31168?format=api", "vulnerability_id": "VCID-y43f-tmvr-hqas", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32419", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32582", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3248", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32406", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32454", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039572", "reference_id": "2039572", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039572" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://security.gentoo.org/glsa/202208-14", "reference_id": "GLSA-202208-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01", "reference_id": "mfsa2022-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", "reference_id": "mfsa2022-01", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-02", "reference_id": "mfsa2022-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", "reference_id": "mfsa2022-02", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-03", "reference_id": "mfsa2022-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", "reference_id": "mfsa2022-03", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0123", "reference_id": "RHSA-2022:0123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0124", "reference_id": "RHSA-2022:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0125", "reference_id": "RHSA-2022:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0126", "reference_id": "RHSA-2022:0126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0127", "reference_id": "RHSA-2022:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0128", "reference_id": "RHSA-2022:0128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0129", "reference_id": "RHSA-2022:0129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0130", "reference_id": "RHSA-2022:0130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0131", "reference_id": "RHSA-2022:0131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0132", "reference_id": "RHSA-2022:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0132" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735028", "reference_id": "show_bug.cgi?id=1735028", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735028" }, { "reference_url": "https://usn.ubuntu.com/5229-1/", "reference_id": "USN-5229-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5229-1/" }, { "reference_url": "https://usn.ubuntu.com/5246-1/", "reference_id": "USN-5246-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5246-1/" }, { "reference_url": "https://usn.ubuntu.com/5248-1/", "reference_id": "USN-5248-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5248-1/" }, { "reference_url": "https://usn.ubuntu.com/5506-1/", "reference_id": "USN-5506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5506-1/" }, { "reference_url": "https://usn.ubuntu.com/5872-1/", "reference_id": "USN-5872-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5872-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-22747" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y43f-tmvr-hqas" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/63130?format=api", "vulnerability_id": "VCID-6fvj-phnx-kfgs", "summary": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75599", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75663", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75657", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75682", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75601", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75632", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00899", "scoring_system": "epss", "scoring_elements": "0.75646", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791225", "reference_id": "1791225", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1791225" }, { "reference_url": "https://security.archlinux.org/ASA-202001-1", "reference_id": "ASA-202001-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202001-1" }, { "reference_url": "https://security.archlinux.org/AVG-1084", "reference_id": "AVG-1084", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1084" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01", "reference_id": "mfsa2020-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3280", "reference_id": "RHSA-2020:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4234-1/", "reference_id": "USN-4234-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4234-1/" }, { "reference_url": "https://usn.ubuntu.com/4397-1/", "reference_id": "USN-4397-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4397-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17023" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6fvj-phnx-kfgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81704?format=api", "vulnerability_id": "VCID-7msj-wyd6-zkbe", "summary": "nss: Check length of inputs for cryptographic primitives", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86605", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86617", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86636", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86635", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86654", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86664", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86677", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86675", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03036", "scoring_system": "epss", "scoring_elements": "0.86668", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775916", "reference_id": "1775916", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1775916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3280", "reference_id": "RHSA-2020:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0758", "reference_id": "RHSA-2021:0758", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0758" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0876", "reference_id": "RHSA-2021:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0876" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1026", "reference_id": "RHSA-2021:1026", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1026" }, { "reference_url": "https://usn.ubuntu.com/4231-1/", "reference_id": "USN-4231-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4231-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17006" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7msj-wyd6-zkbe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/51558?format=api", "vulnerability_id": "VCID-dh3c-g3k3-zkb7", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could lead to the execution of arbitrary code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7805.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7805.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7805", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03211", "scoring_system": "epss", "scoring_elements": "0.8703", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.03851", "scoring_system": "epss", "scoring_elements": "0.88141", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03851", "scoring_system": "epss", "scoring_elements": "0.88207", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03851", "scoring_system": "epss", "scoring_elements": "0.88197", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03851", "scoring_system": "epss", "scoring_elements": "0.88191", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03851", "scoring_system": "epss", "scoring_elements": "0.88149", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03851", "scoring_system": "epss", "scoring_elements": "0.88199", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03851", "scoring_system": "epss", "scoring_elements": "0.88166", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03851", "scoring_system": "epss", "scoring_elements": "0.88171", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7805" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1377618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1377618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:S/C:C/I:C/A:C" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3987", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3987" }, { "reference_url": "https://www.debian.org/security/2017/dsa-3998", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-3998" }, { "reference_url": "https://www.debian.org/security/2017/dsa-4014", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2017/dsa-4014" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-21/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-21/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-22/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-22/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2017-23/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2017-23/" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "http://www.securityfocus.com/bid/101059", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101059" }, { "reference_url": "http://www.securitytracker.com/id/1039465", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1039465" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471171", "reference_id": "1471171", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1471171" }, { "reference_url": "https://security.archlinux.org/ASA-201710-19", "reference_id": "ASA-201710-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-19" }, { "reference_url": "https://security.archlinux.org/AVG-441", "reference_id": "AVG-441", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-441" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7805", "reference_id": "CVE-2017-7805", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7805" }, { "reference_url": "https://security.gentoo.org/glsa/201802-03", "reference_id": "GLSA-201802-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201802-03" }, { "reference_url": "https://security.gentoo.org/glsa/201803-14", "reference_id": "GLSA-201803-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201803-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21", "reference_id": "mfsa2017-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-22", "reference_id": "mfsa2017-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-23", "reference_id": "mfsa2017-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-23" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2832", "reference_id": "RHSA-2017:2832", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2832" }, { "reference_url": "https://usn.ubuntu.com/3431-1/", "reference_id": "USN-3431-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3431-1/" }, { "reference_url": "https://usn.ubuntu.com/3435-1/", "reference_id": "USN-3435-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3435-1/" }, { "reference_url": "https://usn.ubuntu.com/3436-1/", "reference_id": "USN-3436-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3436-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035553?format=api", "purl": "pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-dh3c-g3k3-zkb7" }, { "vulnerability": "VCID-ekxy-vaed-u7cg" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-fgv4-bz59-h7g7" }, { "vulnerability": "VCID-gfj6-dsud-g3fh" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-jvrr-2gej-bfby" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-kxvg-qw8v-vydv" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-t89f-eksr-juen" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" }, { "vulnerability": "VCID-ykkw-a6a1-43fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037282?format=api", "purl": "pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-dh3c-g3k3-zkb7" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-fgv4-bz59-h7g7" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-jvrr-2gej-bfby" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" }, { "vulnerability": "VCID-ykkw-a6a1-43fe" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" } ], "aliases": [ "CVE-2017-7805" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dh3c-g3k3-zkb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60444?format=api", "vulnerability_id": "VCID-fgv4-bz59-h7g7", "summary": "Multiple vulnerabilities have been found in Mozilla Network\n Security Service (NSS), the worst of which may lead to arbitrary code\n execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18508.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18508.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18508", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68142", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68165", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68183", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68161", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68212", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68228", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68253", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.6824", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00558", "scoring_system": "epss", "scoring_elements": "0.68206", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-18508" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671310", "reference_id": "1671310", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1671310" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921614", "reference_id": "921614", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921614" }, { "reference_url": "https://security.gentoo.org/glsa/202003-37", "reference_id": "GLSA-202003-37", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-37" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1951", "reference_id": "RHSA-2019:1951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1951" }, { "reference_url": "https://usn.ubuntu.com/3898-1/", "reference_id": "USN-3898-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3898-1/" }, { "reference_url": "https://usn.ubuntu.com/3898-2/", "reference_id": "USN-3898-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3898-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" } ], "aliases": [ "CVE-2018-18508" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgv4-bz59-h7g7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/56913?format=api", "vulnerability_id": "VCID-jrsz-ynp7-wbb2", "summary": "Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43527", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89954", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89971", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89976", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89984", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05243", "scoring_system": "epss", "scoring_elements": "0.89975", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0538", "scoring_system": "epss", "scoring_elements": "0.9008", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0538", "scoring_system": "epss", "scoring_elements": "0.90065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0538", "scoring_system": "epss", "scoring_elements": "0.90068", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-43527" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024370", "reference_id": "2024370", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2024370" }, { "reference_url": "https://security.archlinux.org/ASA-202112-3", "reference_id": "ASA-202112-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202112-3" }, { "reference_url": "https://security.archlinux.org/ASA-202112-4", "reference_id": "ASA-202112-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202112-4" }, { "reference_url": "https://security.archlinux.org/AVG-2596", "reference_id": "AVG-2596", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2596" }, { "reference_url": "https://security.archlinux.org/AVG-2597", "reference_id": "AVG-2597", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2597" }, { "reference_url": "https://security.gentoo.org/glsa/202212-05", "reference_id": "GLSA-202212-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-05" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51", "reference_id": "mfsa2021-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4903", "reference_id": "RHSA-2021:4903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4903" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4904", "reference_id": "RHSA-2021:4904", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4904" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4907", "reference_id": "RHSA-2021:4907", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4907" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4909", "reference_id": "RHSA-2021:4909", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4909" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4919", "reference_id": "RHSA-2021:4919", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4919" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4932", "reference_id": "RHSA-2021:4932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4933", "reference_id": "RHSA-2021:4933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4946", "reference_id": "RHSA-2021:4946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4953", "reference_id": "RHSA-2021:4953", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4953" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4954", "reference_id": "RHSA-2021:4954", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4954" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4969", "reference_id": "RHSA-2021:4969", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4969" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4994", "reference_id": "RHSA-2021:4994", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4994" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5006", "reference_id": "RHSA-2021:5006", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5006" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:5035", "reference_id": "RHSA-2021:5035", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:5035" }, { "reference_url": "https://usn.ubuntu.com/5168-1/", "reference_id": "USN-5168-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5168-1/" }, { "reference_url": "https://usn.ubuntu.com/5168-2/", "reference_id": "USN-5168-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5168-2/" }, { "reference_url": "https://usn.ubuntu.com/5168-3/", "reference_id": "USN-5168-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5168-3/" }, { "reference_url": "https://usn.ubuntu.com/5168-4/", "reference_id": "USN-5168-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5168-4/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-43527" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jrsz-ynp7-wbb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83179?format=api", "vulnerability_id": "VCID-jvrr-2gej-bfby", "summary": "nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12384.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12384.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12384", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70029", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70041", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70056", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70034", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70081", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70097", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.7012", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70106", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00622", "scoring_system": "epss", "scoring_elements": "0.70093", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12384" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622089", "reference_id": "1622089", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622089" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332", "reference_id": "908332", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2768", "reference_id": "RHSA-2018:2768", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:2898", "reference_id": "RHSA-2018:2898", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:2898" }, { "reference_url": "https://usn.ubuntu.com/3850-1/", "reference_id": "USN-3850-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3850-1/" }, { "reference_url": "https://usn.ubuntu.com/3850-2/", "reference_id": "USN-3850-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3850-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" } ], "aliases": [ "CVE-2018-12384" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jvrr-2gej-bfby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61777?format=api", "vulnerability_id": "VCID-k2s2-zkua-8ydy", "summary": "NSS has an information disclosure vulnerability when handling DSA\n keys.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26737", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2693", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26718", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26787", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26836", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26839", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26794", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26854", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26895", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826177", "reference_id": "1826177", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826177" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752", "reference_id": "961752", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752" }, { "reference_url": "https://security.archlinux.org/ASA-202006-1", "reference_id": "ASA-202006-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-1" }, { "reference_url": "https://security.archlinux.org/ASA-202006-4", "reference_id": "ASA-202006-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-4" }, { "reference_url": "https://security.archlinux.org/AVG-1173", "reference_id": "AVG-1173", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1173" }, { "reference_url": "https://security.archlinux.org/AVG-1179", "reference_id": "AVG-1179", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1179" }, { "reference_url": "https://security.gentoo.org/glsa/202007-49", "reference_id": "GLSA-202007-49", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-49" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20", "reference_id": "mfsa2020-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21", "reference_id": "mfsa2020-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22", "reference_id": "mfsa2020-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3280", "reference_id": "RHSA-2020:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3280" }, { "reference_url": "https://usn.ubuntu.com/4383-1/", "reference_id": "USN-4383-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4383-1/" }, { "reference_url": "https://usn.ubuntu.com/4397-1/", "reference_id": "USN-4397-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4397-1/" }, { "reference_url": "https://usn.ubuntu.com/4397-2/", "reference_id": "USN-4397-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4397-2/" }, { "reference_url": "https://usn.ubuntu.com/4421-1/", "reference_id": "USN-4421-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4421-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12399" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k2s2-zkua-8ydy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33641?format=api", "vulnerability_id": "VCID-vjas-pry4-93cz", "summary": "Multiple vulnerabilities have been found in Mozilla Firefox, the\n worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28029", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28122", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28129", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28086", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28102", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28174", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28218", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28012", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00102", "scoring_system": "epss", "scoring_elements": "0.28079", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-12402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826231", "reference_id": "1826231", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826231" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152", "reference_id": "963152", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152" }, { "reference_url": "https://security.gentoo.org/glsa/202007-10", "reference_id": "GLSA-202007-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-24", "reference_id": "mfsa2020-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-24" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29", "reference_id": "mfsa2020-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3280", "reference_id": "RHSA-2020:3280", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3280" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4076", "reference_id": "RHSA-2020:4076", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4076" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://usn.ubuntu.com/4417-1/", "reference_id": "USN-4417-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4417-1/" }, { "reference_url": "https://usn.ubuntu.com/4417-2/", "reference_id": "USN-4417-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4417-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12402" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vjas-pry4-93cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31920?format=api", "vulnerability_id": "VCID-vzb9-aeqz-hybr", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird,\n the worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11745", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74149", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74133", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74105", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74137", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74152", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74174", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74155", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74101", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00806", "scoring_system": "epss", "scoring_elements": "0.74107", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-11745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774831", "reference_id": "1774831", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1774831" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://security.gentoo.org/glsa/202003-02", "reference_id": "GLSA-202003-02", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-02" }, { "reference_url": "https://security.gentoo.org/glsa/202003-10", "reference_id": "GLSA-202003-10", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-10" }, { "reference_url": "https://security.gentoo.org/glsa/202003-37", "reference_id": "GLSA-202003-37", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4114", "reference_id": "RHSA-2019:4114", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4114" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4152", "reference_id": "RHSA-2019:4152", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4152" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:4190", "reference_id": "RHSA-2019:4190", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:4190" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0243", "reference_id": "RHSA-2020:0243", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0243" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0466", "reference_id": "RHSA-2020:0466", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0466" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1267", "reference_id": "RHSA-2020:1267", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1267" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1345", "reference_id": "RHSA-2020:1345", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1345" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1461", "reference_id": "RHSA-2020:1461", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1461" }, { "reference_url": "https://usn.ubuntu.com/4203-1/", "reference_id": "USN-4203-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4203-1/" }, { "reference_url": "https://usn.ubuntu.com/4203-2/", "reference_id": "USN-4203-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4203-2/" }, { "reference_url": "https://usn.ubuntu.com/4216-1/", "reference_id": "USN-4216-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-1/" }, { "reference_url": "https://usn.ubuntu.com/4216-2/", "reference_id": "USN-4216-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4216-2/" }, { "reference_url": "https://usn.ubuntu.com/4241-1/", "reference_id": "USN-4241-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4241-1/" }, { "reference_url": "https://usn.ubuntu.com/4335-1/", "reference_id": "USN-4335-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4335-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11745" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vzb9-aeqz-hybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82699?format=api", "vulnerability_id": "VCID-x1ty-wqph-gkak", "summary": "nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53893", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.5391", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53938", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53913", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53965", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53964", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.54011", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53994", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00308", "scoring_system": "epss", "scoring_elements": "0.53976", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-17007" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703979", "reference_id": "1703979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1703979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1951", "reference_id": "RHSA-2019:1951", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1951" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2237", "reference_id": "RHSA-2019:2237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2237" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0876", "reference_id": "RHSA-2021:0876", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0876" }, { "reference_url": "https://usn.ubuntu.com/4215-1/", "reference_id": "USN-4215-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4215-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17007" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ty-wqph-gkak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31168?format=api", "vulnerability_id": "VCID-y43f-tmvr-hqas", "summary": "Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32419", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32446", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32582", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32546", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32485", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.3248", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32406", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0013", "scoring_system": "epss", "scoring_elements": "0.32454", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039572", "reference_id": "2039572", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2039572" }, { "reference_url": "https://security.gentoo.org/glsa/202202-03", "reference_id": "GLSA-202202-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202202-03" }, { "reference_url": "https://security.gentoo.org/glsa/202208-14", "reference_id": "GLSA-202208-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202208-14" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01", "reference_id": "mfsa2022-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-01/", "reference_id": "mfsa2022-01", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-01/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-02", "reference_id": "mfsa2022-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-02" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-02/", "reference_id": "mfsa2022-02", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-02/" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-03", "reference_id": "mfsa2022-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-03" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2022-03/", "reference_id": "mfsa2022-03", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2022-03/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0123", "reference_id": "RHSA-2022:0123", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0123" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0124", "reference_id": "RHSA-2022:0124", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0124" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0125", "reference_id": "RHSA-2022:0125", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0125" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0126", "reference_id": "RHSA-2022:0126", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0126" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0127", "reference_id": "RHSA-2022:0127", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0127" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0128", "reference_id": "RHSA-2022:0128", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0128" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0129", "reference_id": "RHSA-2022:0129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0130", "reference_id": "RHSA-2022:0130", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0131", "reference_id": "RHSA-2022:0131", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0131" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0132", "reference_id": "RHSA-2022:0132", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0132" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735028", "reference_id": "show_bug.cgi?id=1735028", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1735028" }, { "reference_url": "https://usn.ubuntu.com/5229-1/", "reference_id": "USN-5229-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5229-1/" }, { "reference_url": "https://usn.ubuntu.com/5246-1/", "reference_id": "USN-5246-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5246-1/" }, { "reference_url": "https://usn.ubuntu.com/5248-1/", "reference_id": "USN-5248-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5248-1/" }, { "reference_url": "https://usn.ubuntu.com/5506-1/", "reference_id": "USN-5506-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5506-1/" }, { "reference_url": "https://usn.ubuntu.com/5872-1/", "reference_id": "USN-5872-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5872-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/994641?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tts-gwgd-zqcz" }, { "vulnerability": "VCID-3nrj-5r53-37ab" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-w794-gqex-83du" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-22747" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y43f-tmvr-hqas" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/82973?format=api", "vulnerability_id": "VCID-ykkw-a6a1-43fe", "summary": "nss: Cache side-channel variant of the Bleichenbacher attack", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12404.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12404.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12404", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14501", "scoring_system": "epss", "scoring_elements": "0.94413", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.14501", "scoring_system": "epss", "scoring_elements": "0.9442", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.14501", "scoring_system": "epss", "scoring_elements": "0.9443", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.14501", "scoring_system": "epss", "scoring_elements": "0.94433", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.14501", "scoring_system": "epss", "scoring_elements": "0.94442", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.14501", "scoring_system": "epss", "scoring_elements": "0.94446", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.14501", "scoring_system": "epss", "scoring_elements": "0.94449", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.14501", "scoring_system": "epss", "scoring_elements": "0.94451", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-12404" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657913", "reference_id": "1657913", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1657913" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2237", "reference_id": "RHSA-2019:2237", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2237" }, { "reference_url": "https://usn.ubuntu.com/3850-1/", "reference_id": "USN-3850-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3850-1/" }, { "reference_url": "https://usn.ubuntu.com/3850-2/", "reference_id": "USN-3850-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3850-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037931?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2zrv-q4tb-wqeg" }, { "vulnerability": "VCID-46cy-x3cp-tke5" }, { "vulnerability": "VCID-6fvj-phnx-kfgs" }, { "vulnerability": "VCID-7msj-wyd6-zkbe" }, { "vulnerability": "VCID-8qtg-h4km-bfg2" }, { "vulnerability": "VCID-cgvg-aj53-kkbp" }, { "vulnerability": "VCID-ewe9-39b1-kba2" }, { "vulnerability": "VCID-hs5f-21nx-gfeb" }, { "vulnerability": "VCID-jrsz-ynp7-wbb2" }, { "vulnerability": "VCID-k2s2-zkua-8ydy" }, { "vulnerability": "VCID-k4a4-f1as-x3bj" }, { "vulnerability": "VCID-mx8t-s47w-wud5" }, { "vulnerability": "VCID-paez-g9wh-mfeq" }, { "vulnerability": "VCID-rk7t-zjzg-eqar" }, { "vulnerability": "VCID-szzk-wxm2-cfgj" }, { "vulnerability": "VCID-vjas-pry4-93cz" }, { "vulnerability": "VCID-vszp-vyxy-f7g7" }, { "vulnerability": "VCID-vzb9-aeqz-hybr" }, { "vulnerability": "VCID-w794-gqex-83du" }, { "vulnerability": "VCID-wavp-f4kn-j3cm" }, { "vulnerability": "VCID-x1ty-wqph-gkak" }, { "vulnerability": "VCID-y43f-tmvr-hqas" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" } ], "aliases": [ "CVE-2018-12404" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkw-a6a1-43fe" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }