Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:rpm/redhat/xulrunner@1.9.2.26-1?arch=el5_7
Typerpm
Namespaceredhat
Namexulrunner
Version1.9.2.26-1
Qualifiers
arch el5_7
Subpath
Is_vulnerabletrue
Next_non_vulnerable_versionnull
Latest_non_vulnerable_versionnull
Affected_by_vulnerabilities
0
url VCID-5eu6-8wqn-8udn
vulnerability_id VCID-5eu6-8wqn-8udn
summary 
Security researchers Nicolas Grégoire and Aki
Helin independently reported that when processing a malformed
embedded XSLT stylesheet, Firefox can crash due to a memory corruption.
While there is no evidence that this is directly exploitable, there is
a possibility of remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0449.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0449
reference_id
reference_type
scores
0
value 0.03949
scoring_system epss
scoring_elements 0.88544
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0449
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=785966
reference_id 785966
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=785966
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449
reference_id CVE-2012-0449
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0449
4
reference_url https://security.gentoo.org/glsa/201301-01
reference_id GLSA-201301-01
reference_type
scores
url https://security.gentoo.org/glsa/201301-01
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2012-08
reference_id mfsa2012-08
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2012-08
6
reference_url https://access.redhat.com/errata/RHSA-2012:0079
reference_id RHSA-2012:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0079
7
reference_url https://access.redhat.com/errata/RHSA-2012:0080
reference_id RHSA-2012:0080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0080
8
reference_url https://usn.ubuntu.com/1350-1/
reference_id USN-1350-1
reference_type
scores
url https://usn.ubuntu.com/1350-1/
9
reference_url https://usn.ubuntu.com/1353-1/
reference_id USN-1353-1
reference_type
scores
url https://usn.ubuntu.com/1353-1/
10
reference_url https://usn.ubuntu.com/1355-1/
reference_id USN-1355-1
reference_type
scores
url https://usn.ubuntu.com/1355-1/
11
reference_url https://usn.ubuntu.com/1369-1/
reference_id USN-1369-1
reference_type
scores
url https://usn.ubuntu.com/1369-1/
fixed_packages
aliases CVE-2012-0449
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5eu6-8wqn-8udn
1
url VCID-and6-s8wt-rkfc
vulnerability_id VCID-and6-s8wt-rkfc
summary 
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative the possibility of memory corruption during
the decoding of Ogg Vorbis files. This can cause a crash during decoding and has
the potential for remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0444.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0444
reference_id
reference_type
scores
0
value 0.08973
scoring_system epss
scoring_elements 0.92732
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0444
2
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197
reference_id 664197
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664197
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196
reference_id 669196
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=669196
4
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=786026
reference_id 786026
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=786026
5
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
reference_id CVE-2012-0444
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0444
6
reference_url https://security.gentoo.org/glsa/201301-01
reference_id GLSA-201301-01
reference_type
scores
url https://security.gentoo.org/glsa/201301-01
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2012-07
reference_id mfsa2012-07
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2012-07
8
reference_url https://access.redhat.com/errata/RHSA-2012:0079
reference_id RHSA-2012:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0079
9
reference_url https://access.redhat.com/errata/RHSA-2012:0136
reference_id RHSA-2012:0136
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0136
10
reference_url https://usn.ubuntu.com/1350-1/
reference_id USN-1350-1
reference_type
scores
url https://usn.ubuntu.com/1350-1/
11
reference_url https://usn.ubuntu.com/1353-1/
reference_id USN-1353-1
reference_type
scores
url https://usn.ubuntu.com/1353-1/
12
reference_url https://usn.ubuntu.com/1355-1/
reference_id USN-1355-1
reference_type
scores
url https://usn.ubuntu.com/1355-1/
13
reference_url https://usn.ubuntu.com/1369-1/
reference_id USN-1369-1
reference_type
scores
url https://usn.ubuntu.com/1369-1/
14
reference_url https://usn.ubuntu.com/1370-1/
reference_id USN-1370-1
reference_type
scores
url https://usn.ubuntu.com/1370-1/
fixed_packages
aliases CVE-2012-0444
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-and6-s8wt-rkfc
2
url VCID-fjd2-qz3j-quct
vulnerability_id VCID-fjd2-qz3j-quct
summary 
Mozilla developers identified and fixed several memory safety bugs
in the browser engine used in Firefox and other Mozilla-based
products. Some of these bugs showed evidence of memory corruption
under certain circumstances, and we presume that with enough effort at
least some of these could be exploited to run arbitrary code.In general these flaws cannot be exploited through email in the Thunderbird and SeaMonkey products because scripting is disabled, but are potentially a risk in browser or browser-like contexts in those products.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-0442.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2012-0442
reference_id
reference_type
scores
0
value 0.01441
scoring_system epss
scoring_elements 0.81034
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2012-0442
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=785085
reference_id 785085
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=785085
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
reference_id CVE-2012-0442
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0442
4
reference_url https://security.gentoo.org/glsa/201301-01
reference_id GLSA-201301-01
reference_type
scores
url https://security.gentoo.org/glsa/201301-01
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2012-01
reference_id mfsa2012-01
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2012-01
6
reference_url https://access.redhat.com/errata/RHSA-2012:0079
reference_id RHSA-2012:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0079
7
reference_url https://access.redhat.com/errata/RHSA-2012:0080
reference_id RHSA-2012:0080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0080
8
reference_url https://access.redhat.com/errata/RHSA-2012:0084
reference_id RHSA-2012:0084
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0084
9
reference_url https://access.redhat.com/errata/RHSA-2012:0085
reference_id RHSA-2012:0085
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0085
10
reference_url https://usn.ubuntu.com/1350-1/
reference_id USN-1350-1
reference_type
scores
url https://usn.ubuntu.com/1350-1/
11
reference_url https://usn.ubuntu.com/1353-1/
reference_id USN-1353-1
reference_type
scores
url https://usn.ubuntu.com/1353-1/
12
reference_url https://usn.ubuntu.com/1355-1/
reference_id USN-1355-1
reference_type
scores
url https://usn.ubuntu.com/1355-1/
13
reference_url https://usn.ubuntu.com/1369-1/
reference_id USN-1369-1
reference_type
scores
url https://usn.ubuntu.com/1369-1/
fixed_packages
aliases CVE-2012-0442
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fjd2-qz3j-quct
3
url VCID-s4v8-msj6-j3dw
vulnerability_id VCID-s4v8-msj6-j3dw
summary 
Security researcher regenrecht reported via
TippingPoint's Zero Day Initiative that removed child nodes of nsDOMAttribute
can be accessed under certain circumstances because of a premature notification
of AttributeChildRemoved. This use-after-free of the child nodes could possibly
allow for remote code execution.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3659.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3659
reference_id
reference_type
scores
0
value 0.72536
scoring_system epss
scoring_elements 0.98791
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3659
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=786258
reference_id 786258
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=786258
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659
reference_id CVE-2011-3659
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3659
4
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb
reference_id CVE-2011-3659;OSVDB-78736
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/windows/remote/18870.rb
5
reference_url http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413
reference_id CVE-2011-3659;OSVDB-78736
reference_type exploit
scores
url http://www.zerodayinitiative.com/advisories/upcoming/ZDI-CAN-1413
6
reference_url https://security.gentoo.org/glsa/201301-01
reference_id GLSA-201301-01
reference_type
scores
url https://security.gentoo.org/glsa/201301-01
7
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2012-04
reference_id mfsa2012-04
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2012-04
8
reference_url https://access.redhat.com/errata/RHSA-2012:0079
reference_id RHSA-2012:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0079
9
reference_url https://access.redhat.com/errata/RHSA-2012:0080
reference_id RHSA-2012:0080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0080
10
reference_url https://usn.ubuntu.com/1350-1/
reference_id USN-1350-1
reference_type
scores
url https://usn.ubuntu.com/1350-1/
11
reference_url https://usn.ubuntu.com/1353-1/
reference_id USN-1353-1
reference_type
scores
url https://usn.ubuntu.com/1353-1/
12
reference_url https://usn.ubuntu.com/1355-1/
reference_id USN-1355-1
reference_type
scores
url https://usn.ubuntu.com/1355-1/
13
reference_url https://usn.ubuntu.com/1369-1/
reference_id USN-1369-1
reference_type
scores
url https://usn.ubuntu.com/1369-1/
fixed_packages
aliases CVE-2011-3659
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s4v8-msj6-j3dw
4
url VCID-zgcc-resp-k3h5
vulnerability_id VCID-zgcc-resp-k3h5
summary 
For historical reasons Firefox has been generous in its interpretation of web
addresses containing square brackets around the host. If this host was not a
valid IPv6 literal address, Firefox attempted to interpret the host as a regular
domain name. Gregory Fleischer reported that requests made
using IPv6 syntax using XMLHttpRequest objects through a proxy may generate
errors depending on proxy configuration for IPv6. The resulting error messages
from the proxy may disclose sensitive data because Same-Origin Policy (SOP) will
allow the XMLHttpRequest object to read these error messages, allowing user
privacy to be eroded. Firefox now enforces RFC 3986 IPv6 literal syntax and that
may break links written using the non-standard Firefox-only forms that were
previously accepted.
This was fixed previously for Firefox 7.0, Thunderbird 7.0, and
SeaMonkey 2.4 but only fixed in Firefox 3.6.26 and Thunderbird 3.1.18 during
2012.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json
reference_id
reference_type
scores
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3670.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-3670
reference_id
reference_type
scores
0
value 0.00725
scoring_system epss
scoring_elements 0.72882
published_at 2026-05-29T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-3670
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=785464
reference_id 785464
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=785464
3
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670
reference_id CVE-2011-3670
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3670
4
reference_url https://security.gentoo.org/glsa/201301-01
reference_id GLSA-201301-01
reference_type
scores
url https://security.gentoo.org/glsa/201301-01
5
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2012-02
reference_id mfsa2012-02
reference_type
scores
0
value low
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2012-02
6
reference_url https://access.redhat.com/errata/RHSA-2012:0079
reference_id RHSA-2012:0079
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0079
7
reference_url https://access.redhat.com/errata/RHSA-2012:0080
reference_id RHSA-2012:0080
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0080
8
reference_url https://access.redhat.com/errata/RHSA-2012:0084
reference_id RHSA-2012:0084
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0084
9
reference_url https://access.redhat.com/errata/RHSA-2012:0085
reference_id RHSA-2012:0085
reference_type
scores
url https://access.redhat.com/errata/RHSA-2012:0085
10
reference_url https://usn.ubuntu.com/1350-1/
reference_id USN-1350-1
reference_type
scores
url https://usn.ubuntu.com/1350-1/
11
reference_url https://usn.ubuntu.com/1353-1/
reference_id USN-1353-1
reference_type
scores
url https://usn.ubuntu.com/1353-1/
fixed_packages
aliases CVE-2011-3670
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgcc-resp-k3h5
Fixing_vulnerabilities
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:rpm/redhat/xulrunner@1.9.2.26-1%3Farch=el5_7