Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3

Type deb

Namespace debian

Name nginx

Version 0.7.67-3+squeeze3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 1.14.2-2+deb10u4

Latest_non_vulnerable_version 1.14.2-2+deb10u4

Affected_by_vulnerabilities

url VCID-3mcc-5mw8-tfc9

vulnerability_id VCID-3mcc-5mw8-tfc9

summary information disclosure

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529

reference_url

https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

reference_id

reference_type

scores

value	medium
scoring_system	generic_textual
scoring_elements

url

https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html

reference_url	https://nginx.org/download/patch.2017.ranges.txt
reference_id
reference_type
scores
url	https://nginx.org/download/patch.2017.ranges.txt

reference_url	https://nginx.org/download/patch.2017.ranges.txt.asc
reference_id
reference_type
scores
url	https://nginx.org/download/patch.2017.ranges.txt.asc

reference_url	https://security.archlinux.org/ASA-201707-11
reference_id	ASA-201707-11
reference_type
scores
url	https://security.archlinux.org/ASA-201707-11

reference_url	https://security.archlinux.org/ASA-201707-12
reference_id	ASA-201707-12
reference_type
scores
url	https://security.archlinux.org/ASA-201707-12

reference_url

https://security.archlinux.org/AVG-345

reference_id

AVG-345

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-345

reference_url

https://security.archlinux.org/AVG-346

reference_id

AVG-346

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-346

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-7529
reference_id	CVE-2017-7529
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-7529

fixed_packages

url pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5

purl pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mcc-5mw8-tfc9

vulnerability	VCID-6hfk-j9e8-7uf2

vulnerability	VCID-tdbz-96pr-z3az

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5

url pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4

purl pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mcc-5mw8-tfc9

vulnerability	VCID-tdbz-96pr-z3az

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4

url	pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4
purl	pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4

aliases CVE-2017-7529

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3mcc-5mw8-tfc9

url VCID-6hfk-j9e8-7uf2

vulnerability_id VCID-6hfk-j9e8-7uf2

summary privilege escalation

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247

reference_url	https://security.archlinux.org/ASA-201701-23
reference_id	ASA-201701-23
reference_type
scores
url	https://security.archlinux.org/ASA-201701-23

reference_url	https://security.archlinux.org/ASA-201701-24
reference_id	ASA-201701-24
reference_type
scores
url	https://security.archlinux.org/ASA-201701-24

reference_url

https://security.archlinux.org/AVG-138

reference_id

AVG-138

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-138

reference_url

https://security.archlinux.org/AVG-139

reference_id

AVG-139

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-139

fixed_packages

url pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5

purl pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mcc-5mw8-tfc9

vulnerability	VCID-6hfk-j9e8-7uf2

vulnerability	VCID-tdbz-96pr-z3az

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5

url pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2

purl pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mcc-5mw8-tfc9

vulnerability	VCID-tdbz-96pr-z3az

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2

aliases CVE-2016-1247

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6hfk-j9e8-7uf2

url VCID-tdbz-96pr-z3az

vulnerability_id VCID-tdbz-96pr-z3az

summary arbitrary code execution

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017

reference_url

https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

reference_id

reference_type

scores

value	medium
scoring_system	generic_textual
scoring_elements

url

https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html

reference_url	https://nginx.org/download/patch.2021.resolver.txt
reference_id
reference_type
scores
url	https://nginx.org/download/patch.2021.resolver.txt

reference_url	https://nginx.org/download/patch.2021.resolver.txt.asc
reference_id
reference_type
scores
url	https://nginx.org/download/patch.2021.resolver.txt.asc

reference_url	https://security.archlinux.org/ASA-202106-36
reference_id	ASA-202106-36
reference_type
scores
url	https://security.archlinux.org/ASA-202106-36

reference_url	https://security.archlinux.org/ASA-202106-48
reference_id	ASA-202106-48
reference_type
scores
url	https://security.archlinux.org/ASA-202106-48

reference_url

https://security.archlinux.org/AVG-1987

reference_id

AVG-1987

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1987

reference_url

https://security.archlinux.org/AVG-1988

reference_id

AVG-1988

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1988

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2021-23017
reference_id	CVE-2021-23017
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2021-23017

fixed_packages

url	pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4
purl	pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4

aliases CVE-2021-23017

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tdbz-96pr-z3az

Fixing_vulnerabilities

url VCID-atus-ryef-17h1

vulnerability_id VCID-atus-ryef-17h1

summary

Mozilla developers added support in the Network Security Services
module for preventing a type of man-in-the-middle attack against TLS
using forced renegotiation.Note that to benefit from the fix, Firefox 3.6 and
Firefox 3.5 users will need to set
their security.ssl.require_safe_negotiation preference to
true.  Firefox 3 does not contain the fix for this issue.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566

reference_url	https://nginx.org/download/patch.cve-2009-3555.txt
reference_id
reference_type
scores
url	https://nginx.org/download/patch.cve-2009-3555.txt

reference_url	https://nginx.org/download/patch.cve-2009-3555.txt.asc
reference_id
reference_type
scores
url	https://nginx.org/download/patch.cve-2009-3555.txt.asc

reference_url	https://tomcat.apache.org/security-7.html
reference_id
reference_type
scores
url	https://tomcat.apache.org/security-7.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
reference_id	CVE-2009-3555
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2009-3555
reference_id	CVE-2009-3555
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2009-3555

reference_url	https://github.com/advisories/GHSA-f7w7-6pjc-wwm6
reference_id	GHSA-f7w7-6pjc-wwm6
reference_type
scores
url	https://github.com/advisories/GHSA-f7w7-6pjc-wwm6

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2010-22

reference_id

mfsa2010-22

reference_type

scores

value	low
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2010-22

fixed_packages

url pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3

purl pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-3mcc-5mw8-tfc9

vulnerability	VCID-6hfk-j9e8-7uf2

vulnerability	VCID-tdbz-96pr-z3az

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3

aliases CVE-2009-3555, GHSA-f7w7-6pjc-wwm6, VU#120541

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-atus-ryef-17h1

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3

Package Instance