Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/expat@2.0.1-7%2Bsqueeze2

Type deb

Namespace debian

Name expat

Version 2.0.1-7+squeeze2

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.2.10-2+deb11u5

Latest_non_vulnerable_version 2.2.10-2+deb11u5

Affected_by_vulnerabilities

url VCID-7t2y-ppma-aqe1

vulnerability_id VCID-7t2y-ppma-aqe1

summary

Security researcher Gustavo Grieco reported a potential out-of-bounds
read parsing malformed XML data during character conversion. This is due to a bug in the
Expat library, which is used in Firefox. This could allow an attacker to read other
inaccessible memory.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4472

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718
reference_id	CVE-2016-0718
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0718

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-68

reference_id

mfsa2016-68

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-68

fixed_packages

url pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4

purl pkg:deb/debian/expat@2.1.0-6%2Bdeb8u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7t2y-ppma-aqe1

vulnerability	VCID-cvna-73ya-gbg5

vulnerability	VCID-ea8u-5x5j-dkch

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.1.0-6%252Bdeb8u4

url pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3

purl pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cvna-73ya-gbg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3

aliases CVE-2016-0718

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7t2y-ppma-aqe1

url VCID-cvna-73ya-gbg5

vulnerability_id VCID-cvna-73ya-gbg5

summary In libexpat before 2.2.8, crafted XML input could fool the parser into changing from DTD parsing to document parsing too early. A subsequent call to XML_GetCurrentLineNumber or XML_GetCurrentColumnNumber then resulted in a heap-based buffer over-read.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11755

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11757

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11759

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11760

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11761

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11762

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11763

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11764

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15903

reference_url	https://security.archlinux.org/ASA-201910-15
reference_id	ASA-201910-15
reference_type
scores
url	https://security.archlinux.org/ASA-201910-15

reference_url	https://security.archlinux.org/ASA-201910-16
reference_id	ASA-201910-16
reference_type
scores
url	https://security.archlinux.org/ASA-201910-16

reference_url	https://security.archlinux.org/ASA-201910-17
reference_id	ASA-201910-17
reference_type
scores
url	https://security.archlinux.org/ASA-201910-17

reference_url

https://security.archlinux.org/AVG-1053

reference_id

AVG-1053

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1053

reference_url

https://security.archlinux.org/AVG-1054

reference_id

AVG-1054

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1054

reference_url

https://security.archlinux.org/AVG-1055

reference_id

AVG-1055

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1055

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-33

reference_id

mfsa2019-33

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-33

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-34

reference_id

mfsa2019-34

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-34

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-35

reference_id

mfsa2019-35

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2019-35

fixed_packages

url pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3

purl pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cvna-73ya-gbg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3

url pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4

purl pkg:deb/debian/expat@2.2.6-2%2Bdeb10u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cvna-73ya-gbg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.6-2%252Bdeb10u4

url	pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5
purl	pkg:deb/debian/expat@2.2.10-2%2Bdeb11u5
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.10-2%252Bdeb11u5

aliases CVE-2019-15903

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cvna-73ya-gbg5

url VCID-ea8u-5x5j-dkch

vulnerability_id VCID-ea8u-5x5j-dkch

summary An integer overflow during the parsing of XML using the Expat library.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9063

reference_url	https://security.archlinux.org/ASA-201611-16
reference_id	ASA-201611-16
reference_type
scores
url	https://security.archlinux.org/ASA-201611-16

reference_url

https://security.archlinux.org/AVG-72

reference_id

AVG-72

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-72

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

fixed_packages

url pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3

purl pkg:deb/debian/expat@2.2.0-2%2Bdeb9u3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-cvna-73ya-gbg5

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.2.0-2%252Bdeb9u3

aliases CVE-2016-9063

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ea8u-5x5j-dkch

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/expat@2.0.1-7%252Bsqueeze2

Package Instance