Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/gnutls28@3.5.8-5%2Bdeb9u5

Type deb

Namespace debian

Name gnutls28

Version 3.5.8-5+deb9u5

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.7.1-5+deb11u3

Latest_non_vulnerable_version 3.7.1-5+deb11u3

Affected_by_vulnerabilities

url VCID-7edm-wc8c-ayg3

vulnerability_id VCID-7edm-wc8c-ayg3

summary multiple issues

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836

reference_url	https://security.archlinux.org/ASA-201904-2
reference_id	ASA-201904-2
reference_type
scores
url	https://security.archlinux.org/ASA-201904-2

reference_url

https://security.archlinux.org/AVG-945

reference_id

AVG-945

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-945

fixed_packages

url pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8

purl pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v7nt-mvm3-4udj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.6.7-4%252Bdeb10u8

aliases CVE-2019-3836

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7edm-wc8c-ayg3

url VCID-mgww-jmn5-5keq

vulnerability_id VCID-mgww-jmn5-5keq

summary multiple issues

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829

reference_url	https://security.archlinux.org/ASA-201904-2
reference_id	ASA-201904-2
reference_type
scores
url	https://security.archlinux.org/ASA-201904-2

reference_url

https://security.archlinux.org/AVG-945

reference_id

AVG-945

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-945

fixed_packages

url pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8

purl pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v7nt-mvm3-4udj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.6.7-4%252Bdeb10u8

aliases CVE-2019-3829

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mgww-jmn5-5keq

url VCID-v7nt-mvm3-4udj

vulnerability_id VCID-v7nt-mvm3-4udj

summary man-in-the-middle

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777

reference_url	https://security.archlinux.org/ASA-202006-2
reference_id	ASA-202006-2
reference_type
scores
url	https://security.archlinux.org/ASA-202006-2

reference_url

https://security.archlinux.org/AVG-1177

reference_id

AVG-1177

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1177

fixed_packages

url pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8

purl pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v7nt-mvm3-4udj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.6.7-4%252Bdeb10u8

url	pkg:deb/debian/gnutls28@3.7.1-5%2Bdeb11u3
purl	pkg:deb/debian/gnutls28@3.7.1-5%2Bdeb11u3
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.7.1-5%252Bdeb11u3

aliases CVE-2020-13777

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v7nt-mvm3-4udj

Fixing_vulnerabilities

url VCID-81zk-xrsj-cufe

vulnerability_id VCID-81zk-xrsj-cufe

summary

Security researcher Karthikeyan Bhargavan reported an issue
in Network Security Services (NSS) where MD5 signatures in the server signature within the
TLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has
officially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This
issues exposes NSS based clients such as Firefox to theoretical collision-based forgery
attacks. This issue was fixed in NSS version 3.20.2.

references

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575
reference_id	CVE-2015-7575
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-150

reference_id

mfsa2015-150

reference_type

scores

value	none
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2015-150

fixed_packages

url pkg:deb/debian/gnutls28@3.5.8-5%2Bdeb9u5

purl pkg:deb/debian/gnutls28@3.5.8-5%2Bdeb9u5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-7edm-wc8c-ayg3

vulnerability	VCID-mgww-jmn5-5keq

vulnerability	VCID-v7nt-mvm3-4udj

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.5.8-5%252Bdeb9u5

aliases CVE-2015-7575

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.5.8-5%252Bdeb9u5

Package Instance