Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/572016?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/572016?format=api", "purl": "pkg:deb/debian/nginx@0.6.32-3%2Blenny3", "type": "deb", "namespace": "debian", "name": "nginx", "version": "0.6.32-3+lenny3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "1.22.1-9+deb12u4", "latest_non_vulnerable_version": "1.28.3-2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14?format=api", "vulnerability_id": "VCID-22cq-z7km-cfdc", "summary": "SSL session reuse vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23419", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88157", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88128", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88147", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88153", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88163", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88156", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88105", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0383", "scoring_system": "epss", "scoring_elements": "0.88121", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-23419" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403", "reference_id": "1095403", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344005", "reference_id": "2344005", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2344005" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23419", "reference_id": "CVE-2025-23419", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23419" }, { "reference_url": "https://my.f5.com/manage/s/article/K000149173", "reference_id": "K000149173", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "5.3", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T18:12:47Z/" } ], "url": "https://my.f5.com/manage/s/article/K000149173" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7331", "reference_id": "RHSA-2025:7331", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7331" }, { "reference_url": "https://usn.ubuntu.com/7285-1/", "reference_id": "USN-7285-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7285-1/" }, { "reference_url": "https://usn.ubuntu.com/7285-2/", "reference_id": "USN-7285-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7285-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994844?format=api", "purl": "pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3" } ], "aliases": [ "CVE-2025-23419" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-22cq-z7km-cfdc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/90808?format=api", "vulnerability_id": "VCID-36pf-ddpb-3khs", "summary": "security update", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11724", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85275", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85278", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85203", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85215", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85233", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85235", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85257", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.85266", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02474", "scoring_system": "epss", "scoring_elements": "0.8528", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-11724" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724" }, { "reference_url": "https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa" }, { "reference_url": "https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210129-0002/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security.netapp.com/advisory/ntap-20210129-0002/" }, { "reference_url": "https://www.debian.org/security/2020/dsa-4750", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.debian.org/security/2020/dsa-4750" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950", "reference_id": "964950", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11724", "reference_id": "CVE-2020-11724", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:P/A:N" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11724" }, { "reference_url": "https://usn.ubuntu.com/5371-1/", "reference_id": "USN-5371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-1/" }, { "reference_url": "https://usn.ubuntu.com/5371-3/", "reference_id": "USN-5371-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-11724" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-36pf-ddpb-3khs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/81680?format=api", "vulnerability_id": "VCID-3ysf-pvuu-47bs", "summary": "nginx: HTTP request smuggling in configurations with URL redirect used as error_page", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20372", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98652", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98653", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98656", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98659", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.9866", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98661", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98664", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.69737", "scoring_system": "epss", "scoring_elements": "0.98665", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-20372" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277", "reference_id": "1790277", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1790277" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579", "reference_id": "948579", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2817", "reference_id": "RHSA-2020:2817", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2817" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5495", "reference_id": "RHSA-2020:5495", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5495" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0778", "reference_id": "RHSA-2021:0778", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0778" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0779", "reference_id": "RHSA-2021:0779", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0779" }, { "reference_url": "https://usn.ubuntu.com/4235-1/", "reference_id": "USN-4235-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4235-1/" }, { "reference_url": "https://usn.ubuntu.com/4235-2/", "reference_id": "USN-4235-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4235-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-20372" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ysf-pvuu-47bs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/54339?format=api", "vulnerability_id": "VCID-4mqa-bkha-kbaj", "summary": "security update", "references": [ { "reference_url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/" }, { "reference_url": "http://code.google.com/p/chromium/issues/detail?id=139744", "reference_id": "", "reference_type": "", "scores": [], "url": "http://code.google.com/p/chromium/issues/detail?id=139744" }, { "reference_url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html" }, { "reference_url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html" }, { "reference_url": "http://jvn.jp/en/jp/JVN65273415/index.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://jvn.jp/en/jp/JVN65273415/index.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=136612293908376&w=2" }, { "reference_url": "http://news.ycombinator.com/item?id=4510829", "reference_id": "", "reference_type": "", "scores": [], "url": "http://news.ycombinator.com/item?id=4510829" }, { "reference_url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://rhn.redhat.com/errata/RHSA-2013-0587.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4929.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4929.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13867", "scoring_system": "epss", "scoring_elements": "0.94298", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13867", "scoring_system": "epss", "scoring_elements": "0.94297", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.15291", "scoring_system": "epss", "scoring_elements": "0.94599", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.15291", "scoring_system": "epss", "scoring_elements": "0.94585", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.15291", "scoring_system": "epss", "scoring_elements": "0.94611", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.15291", "scoring_system": "epss", "scoring_elements": "0.94615", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.15291", "scoring_system": "epss", "scoring_elements": "0.94601", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.15291", "scoring_system": "epss", "scoring_elements": "0.94592", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-4929" }, { "reference_url": "https://chromiumcodereview.appspot.com/10825183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://chromiumcodereview.appspot.com/10825183" }, { "reference_url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls", "reference_id": "", "reference_type": "", "scores": [], "url": "https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" }, { "reference_url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor" }, { "reference_url": "https://gist.github.com/3696912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://gist.github.com/3696912" }, { "reference_url": "https://github.com/mpgn/CRIME-poc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/mpgn/CRIME-poc" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920", "reference_id": "", "reference_type": "", "scores": [], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920" }, { "reference_url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212", "reference_id": "", "reference_type": "", "scores": [], "url": "https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212" }, { "reference_url": "http://support.apple.com/kb/HT5784", "reference_id": "", "reference_type": "", "scores": [], "url": "http://support.apple.com/kb/HT5784" }, { "reference_url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312", "reference_id": "", "reference_type": "", "scores": [], "url": "http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312" }, { "reference_url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512", "reference_id": "", "reference_type": "", "scores": [], "url": "http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512" }, { "reference_url": "http://www.debian.org/security/2012/dsa-2579", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2012/dsa-2579" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2627", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2013/dsa-2627" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3253", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "reference_url": "http://www.ekoparty.org/2012/thai-duong.php", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ekoparty.org/2012/thai-duong.php" }, { "reference_url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091" }, { "reference_url": "http://www.securityfocus.com/bid/55704", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/55704" }, { "reference_url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.theregister.co.uk/2012/09/14/crime_tls_attack/" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1627-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1627-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1628-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1628-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1898-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-1898-1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689936", "reference_id": "689936", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689936" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700399", "reference_id": "700399", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700399" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700426", "reference_id": "700426", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700426" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727197", "reference_id": "727197", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727197" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728055", "reference_id": "728055", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728055" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051", "reference_id": "857051", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=857051" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4929", "reference_id": "CVE-2012-4929", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-4929" }, { "reference_url": "https://security.gentoo.org/glsa/201309-12", "reference_id": "GLSA-201309-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0587", "reference_id": "RHSA-2013:0587", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0587" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2013:0636", "reference_id": "RHSA-2013:0636", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2013:0636" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:0416", "reference_id": "RHSA-2014:0416", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:0416" }, { "reference_url": "https://usn.ubuntu.com/1627-1/", "reference_id": "USN-1627-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1627-1/" }, { "reference_url": "https://usn.ubuntu.com/1628-1/", "reference_id": "USN-1628-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1628-1/" }, { "reference_url": "https://usn.ubuntu.com/1898-1/", "reference_id": "USN-1898-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1898-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" } ], "aliases": [ "CVE-2012-4929" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4mqa-bkha-kbaj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41?format=api", "vulnerability_id": "VCID-64n7-ygvq-cfds", "summary": "Excessive memory usage in HTTP/2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16843", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98063", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98082", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98076", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98081", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98067", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.9807", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98071", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.55541", "scoring_system": "epss", "scoring_elements": "0.98075", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644511", "reference_id": "1644511", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644511" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090", "reference_id": "913090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16843", "reference_id": "CVE-2018-16843", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16843" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3653", "reference_id": "RHSA-2018:3653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3680", "reference_id": "RHSA-2018:3680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3681", "reference_id": "RHSA-2018:3681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "reference_url": "https://usn.ubuntu.com/3812-1/", "reference_id": "USN-3812-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3812-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2018-16843" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-64n7-ygvq-cfds" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45?format=api", "vulnerability_id": "VCID-9hzg-r1fj-pubf", "summary": "Excessive CPU usage in HTTP/2 with priority changes", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91201", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.9125", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91221", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91235", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91241", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91248", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06705", "scoring_system": "epss", "scoring_elements": "0.91215", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741", "reference_id": "1735741", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1735741" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513", "reference_id": "CVE-2019-9513", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9513" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9513" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40?format=api", "vulnerability_id": "VCID-asr7-uwpu-a7a5", "summary": "STARTTLS command injection", "references": [ { "reference_url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://marc.info/?l=bugtraq&m=142103967620673&w=2" }, { "reference_url": "http://nginx.org/download/patch.2014.starttls.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "http://nginx.org/download/patch.2014.starttls.txt" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3556.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3556.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3556", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.9773", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.97707", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.97726", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.97728", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.97714", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.97715", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.97716", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.9772", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.48169", "scoring_system": "epss", "scoring_elements": "0.97723", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3556" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html" }, { "reference_url": "https://nginx.org/download/patch.2014.starttls.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2014.starttls.txt" }, { "reference_url": "https://nginx.org/download/patch.2014.starttls.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2014.starttls.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891", "reference_id": "1126891", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1126891" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757196", "reference_id": "757196", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757196" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3556", "reference_id": "CVE-2014-3556", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3556" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035547?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5" } ], "aliases": [ "CVE-2014-3556" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-asr7-uwpu-a7a5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9?format=api", "vulnerability_id": "VCID-bana-j1wy-cfdy", "summary": "Excessive CPU usage in HTTP/2", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16844", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93353", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93385", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93386", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93384", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93361", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93369", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93377", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.10883", "scoring_system": "epss", "scoring_elements": "0.93381", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644510", "reference_id": "1644510", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644510" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090", "reference_id": "913090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16844", "reference_id": "CVE-2018-16844", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16844" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3680", "reference_id": "RHSA-2018:3680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3681", "reference_id": "RHSA-2018:3681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "reference_url": "https://usn.ubuntu.com/3812-1/", "reference_id": "USN-3812-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3812-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2018-16844" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bana-j1wy-cfdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/70179?format=api", "vulnerability_id": "VCID-c4ta-jqmg-wfgf", "summary": "lua-nginx-module: HTTP request smuggling via a crafted HEAD request", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33452", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72093", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72089", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.721", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72123", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72108", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72055", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72075", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00705", "scoring_system": "epss", "scoring_elements": "0.72051", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-33452" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361691", "reference_id": "2361691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2361691" }, { "reference_url": "https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/", "reference_id": "OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T19:26:16Z/" } ], "url": "https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994844?format=api", "purl": "pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3" } ], "aliases": [ "CVE-2024-33452" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "6.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ta-jqmg-wfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/15?format=api", "vulnerability_id": "VCID-c9ym-ckeq-63dq", "summary": "Memory corruption in the ngx_http_mp4_module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41741", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74876", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74847", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74887", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74897", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74919", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74895", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74882", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00851", "scoring_system": "epss", "scoring_elements": "0.74849", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html" }, { "reference_url": "https://nginx.org/download/patch.2022.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2022.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2022.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2022.mp4.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141495", "reference_id": "2141495", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141495" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/", "reference_id": "BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741", "reference_id": "CVE-2022-41741", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41741" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5281", "reference_id": "dsa-5281", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5281" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/", "reference_id": "FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/" }, { "reference_url": "https://support.f5.com/csp/article/K81926432", "reference_id": "K81926432", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://support.f5.com/csp/article/K81926432" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html", "reference_id": "msg00031.html", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230120-0005/", "reference_id": "ntap-20230120-0005", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7402", "reference_id": "RHSA-2025:7402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7546", "reference_id": "RHSA-2025:7546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7619", "reference_id": "RHSA-2025:7619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7619" }, { "reference_url": "https://usn.ubuntu.com/5722-1/", "reference_id": "USN-5722-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5722-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/", "reference_id": "WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ", "reference_type": "", "scores": [ { "value": "7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-41741" ], "risk_score": 3.5, "exploitability": "0.5", "weighted_severity": "7.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ym-ckeq-63dq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/34?format=api", "vulnerability_id": "VCID-cbn4-utmp-n7ba", "summary": "1-byte memory overwrite in resolver", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23017", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98797", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98794", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98805", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98804", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.73544", "scoring_system": "epss", "scoring_elements": "0.98801", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-23017" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html" }, { "reference_url": "https://nginx.org/download/patch.2021.resolver.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2021.resolver.txt" }, { "reference_url": "https://nginx.org/download/patch.2021.resolver.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2021.resolver.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963121", "reference_id": "1963121", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1963121" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095", "reference_id": "989095", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095" }, { "reference_url": "https://security.archlinux.org/ASA-202106-36", "reference_id": "ASA-202106-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-36" }, { "reference_url": "https://security.archlinux.org/ASA-202106-48", "reference_id": "ASA-202106-48", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-48" }, { "reference_url": "https://security.archlinux.org/AVG-1987", "reference_id": "AVG-1987", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1987" }, { "reference_url": "https://security.archlinux.org/AVG-1988", "reference_id": "AVG-1988", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1988" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py", "reference_id": "CVE-2021-23017", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017", "reference_id": "CVE-2021-23017", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-23017" }, { "reference_url": "https://security.gentoo.org/glsa/202105-38", "reference_id": "GLSA-202105-38", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202105-38" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2258", "reference_id": "RHSA-2021:2258", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2258" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2259", "reference_id": "RHSA-2021:2259", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2259" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2278", "reference_id": "RHSA-2021:2278", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2278" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2290", "reference_id": "RHSA-2021:2290", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2290" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3653", "reference_id": "RHSA-2021:3653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3851", "reference_id": "RHSA-2021:3851", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3851" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3925", "reference_id": "RHSA-2021:3925", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3925" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0323", "reference_id": "RHSA-2022:0323", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0323" }, { "reference_url": "https://usn.ubuntu.com/4967-1/", "reference_id": "USN-4967-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4967-1/" }, { "reference_url": "https://usn.ubuntu.com/4967-2/", "reference_id": "USN-4967-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4967-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-23017" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cbn4-utmp-n7ba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/16?format=api", "vulnerability_id": "VCID-cjx4-a19z-xufq", "summary": "Integer overflow in the range filter", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7529", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99689", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99692", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99693", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.9969", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99691", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.91909", "scoring_system": "epss", "scoring_elements": "0.99694", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.92868", "scoring_system": "epss", "scoring_elements": "0.99768", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-7529" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html" }, { "reference_url": "https://nginx.org/download/patch.2017.ranges.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2017.ranges.txt" }, { "reference_url": "https://nginx.org/download/patch.2017.ranges.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2017.ranges.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468584", "reference_id": "1468584", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1468584" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109", "reference_id": "868109", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109" }, { "reference_url": "https://security.archlinux.org/ASA-201707-11", "reference_id": "ASA-201707-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-11" }, { "reference_url": "https://security.archlinux.org/ASA-201707-12", "reference_id": "ASA-201707-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201707-12" }, { "reference_url": "https://security.archlinux.org/AVG-345", "reference_id": "AVG-345", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-345" }, { "reference_url": "https://security.archlinux.org/AVG-346", "reference_id": "AVG-346", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-346" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529", "reference_id": "CVE-2017-7529", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2017:2538", "reference_id": "RHSA-2017:2538", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2017:2538" }, { "reference_url": "https://usn.ubuntu.com/3352-1/", "reference_id": "USN-3352-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3352-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036331?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2017-7529" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cjx4-a19z-xufq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/25?format=api", "vulnerability_id": "VCID-dmv4-ydq9-a7eq", "summary": "Excessive CPU usage in HTTP/2 with small window updates", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94283", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94324", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94302", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94304", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94313", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94318", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94322", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.13948", "scoring_system": "epss", "scoring_elements": "0.94292", "published_at": "2026-04-02T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860", "reference_id": "1741860", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741860" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885", "reference_id": "934885", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/ASA-201908-17", "reference_id": "ASA-201908-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-17" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://security.archlinux.org/AVG-1024", "reference_id": "AVG-1024", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1024" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511", "reference_id": "CVE-2019-9511", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2692", "reference_id": "RHSA-2019:2692", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2692" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2949", "reference_id": "RHSA-2019:2949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3041", "reference_id": "RHSA-2019:3041", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3041" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2067", "reference_id": "RHSA-2020:2067", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2067" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2565", "reference_id": "RHSA-2020:2565", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2565" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3192", "reference_id": "RHSA-2020:3192", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3192" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5856", "reference_id": "RHSA-2024:5856", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5856" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" }, { "reference_url": "https://usn.ubuntu.com/6754-1/", "reference_id": "USN-6754-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6754-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9511" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/12?format=api", "vulnerability_id": "VCID-e49f-y1ky-5yb4", "summary": "Insufficient limits of CNAME resolution in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96904", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96872", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96897", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96899", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96901", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.9688", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96884", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.33182", "scoring_system": "epss", "scoring_elements": "0.96889", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0747" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589", "reference_id": "1302589", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302589" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0747", "reference_id": "CVE-2016-0747", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0747" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035549?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0747" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e49f-y1ky-5yb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6?format=api", "vulnerability_id": "VCID-eb23-pd25-yqg3", "summary": "Buffer overread in the ngx_http_mp4_module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7347", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00197", "scoring_system": "epss", "scoring_elements": "0.41622", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42313", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.423", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42348", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42355", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42377", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42341", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00202", "scoring_system": "epss", "scoring_elements": "0.42358", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7347" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html" }, { "reference_url": "https://nginx.org/download/patch.2024.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2024.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2024.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2024.mp4.txt.asc" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971", "reference_id": "1078971", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304966", "reference_id": "2304966", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2304966" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7347", "reference_id": "CVE-2024-7347", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7347" }, { "reference_url": "https://security.gentoo.org/glsa/202409-32", "reference_id": "GLSA-202409-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-32" }, { "reference_url": "https://my.f5.com/manage/s/article/K000140529", "reference_id": "K000140529", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" }, { "value": "5.7", "scoring_system": "cvssv4", "scoring_elements": "CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:27:31Z/" } ], "url": "https://my.f5.com/manage/s/article/K000140529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3261", "reference_id": "RHSA-2025:3261", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3261" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:3262", "reference_id": "RHSA-2025:3262", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:3262" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7402", "reference_id": "RHSA-2025:7402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7542", "reference_id": "RHSA-2025:7542", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7542" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7546", "reference_id": "RHSA-2025:7546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7548", "reference_id": "RHSA-2025:7548", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7548" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7549", "reference_id": "RHSA-2025:7549", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7549" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7619", "reference_id": "RHSA-2025:7619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7619" }, { "reference_url": "https://usn.ubuntu.com/7014-1/", "reference_id": "USN-7014-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7014-1/" }, { "reference_url": "https://usn.ubuntu.com/7014-2/", "reference_id": "USN-7014-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7014-2/" }, { "reference_url": "https://usn.ubuntu.com/7014-3/", "reference_id": "USN-7014-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7014-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994844?format=api", "purl": "pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3" } ], "aliases": [ "CVE-2024-7347" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eb23-pd25-yqg3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92255?format=api", "vulnerability_id": "VCID-fgaf-wqmd-gqf3", "summary": "nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)", "references": [ { "reference_url": "https://access.redhat.com/security/cve/cve-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2011-4968" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60112", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6013", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.59987", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60065", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60089", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60059", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.6011", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60123", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00391", "scoring_system": "epss", "scoring_elements": "0.60145", "published_at": "2026-04-11T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4968" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968" }, { "reference_url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/80952" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2011-4968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2011-4968" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/01/03/8", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/01/03/8" }, { "reference_url": "http://www.securityfocus.com/bid/57139", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/57139" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940", "reference_id": "697940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4968", "reference_id": "CVE-2011-4968", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:N" }, { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4968" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2011-4968" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fgaf-wqmd-gqf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/49?format=api", "vulnerability_id": "VCID-g39b-k8vv-kyaq", "summary": "Null pointer dereference vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3896.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3896.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3896", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.85298", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.8531", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.85329", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.85331", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.85352", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.85361", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.85375", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.85373", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02511", "scoring_system": "epss", "scoring_elements": "0.8537", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3896" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3896", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3896" }, { "reference_url": "https://nginx.org/download/patch.null.pointer.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.null.pointer.txt" }, { "reference_url": "https://nginx.org/download/patch.null.pointer.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.null.pointer.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565", "reference_id": "539565", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=539565" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3896", "reference_id": "CVE-2009-3896", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3896" }, { "reference_url": "https://security.gentoo.org/glsa/201203-22", "reference_id": "GLSA-201203-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572017?format=api", "purl": "pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-4mqa-bkha-kbaj" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-ktxc-d5t4-bkhg" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-m393-anc8-dfgf" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qpfs-f882-gqd3" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-wsxq-wqqr-n3ey" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3" } ], "aliases": [ "CVE-2009-3896" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g39b-k8vv-kyaq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/47?format=api", "vulnerability_id": "VCID-jau7-gfz8-dkfa", "summary": "The renegotiation vulnerability in SSL protocol", "references": [ { "reference_url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html" }, { "reference_url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html" }, { "reference_url": "http://blogs.iss.net/archive/sslmitmiscsrf.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blogs.iss.net/archive/sslmitmiscsrf.html" }, { "reference_url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during" }, { "reference_url": "http://clicky.me/tlsvuln", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://clicky.me/tlsvuln" }, { "reference_url": "http://extendedsubset.com/?p=8", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://extendedsubset.com/?p=8" }, { "reference_url": "http://extendedsubset.com/Renegotiating_TLS.pdf", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://extendedsubset.com/Renegotiating_TLS.pdf" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686" }, { "reference_url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041" }, { "reference_url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751" }, { "reference_url": "http://kbase.redhat.com/faq/docs/DOC-20491", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://kbase.redhat.com/faq/docs/DOC-20491" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00001.html" }, { "reference_url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.apple.com/archives/security-announce/2010//May/msg00002.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html" }, { "reference_url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html" }, { "reference_url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html" }, { "reference_url": "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=126150535619567&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=126150535619567&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=127128920008563&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127419602507642&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=127419602507642&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=127557596201693&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=130497311408250&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=132077688910227&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=133469267822771&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=134254866602253&w=2" }, { "reference_url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=bugtraq&m=142660345230545&w=2" }, { "reference_url": "http://marc.info/?l=cryptography&m=125752275331877&w=2", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://marc.info/?l=cryptography&m=125752275331877&w=2" }, { "reference_url": "http://openbsd.org/errata45.html#010_openssl", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openbsd.org/errata45.html#010_openssl" }, { "reference_url": "http://openbsd.org/errata46.html#004_openssl", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://openbsd.org/errata46.html#004_openssl" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1579", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1579" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1580", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1580" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2009:1694", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2009:1694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0011", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0011" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0119", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0119" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0130", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0130" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0155" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0162", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0162" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0163", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0163" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0164", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0164" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0165", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0165" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0166", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0166" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0167" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0337", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0337" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0338", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0338" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0339", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0339" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0408", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0408" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0440", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0440" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0768", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0768" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0770", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0770" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0786", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0786" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0807", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0807" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0865", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0865" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0986", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0986" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2010:0987", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2010:0987" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2011:0880", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2011:0880" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2015:1591", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2015:1591" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/security/cve/CVE-2009-3555" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84701", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84628", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84642", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84662", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84664", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84686", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84693", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84711", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02288", "scoring_system": "epss", "scoring_elements": "0.84707", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3555" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=526689" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=545755" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=533125" }, { "reference_url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=50325", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bz.apache.org/bugzilla/show_bug.cgi?id=50325" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566" }, { "reference_url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049" }, { "reference_url": "http://seclists.org/fulldisclosure/2009/Nov/139", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://seclists.org/fulldisclosure/2009/Nov/139" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-200912-01.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-200912-01.xml" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201203-22.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201203-22.xml" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201406-32.xml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://security.gentoo.org/glsa/glsa-201406-32.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/54158" }, { "reference_url": "https://github.com/apache/tomcat", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat" }, { "reference_url": "https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5" }, { "reference_url": "https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d" }, { "reference_url": "https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3" }, { "reference_url": "https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701" }, { "reference_url": "https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02" }, { "reference_url": "https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3" }, { "reference_url": "https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d" }, { "reference_url": "https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366" }, { "reference_url": "https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0" }, { "reference_url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888" }, { "reference_url": "https://kb.bluecoat.com/index?page=content&id=SA50", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://kb.bluecoat.com/index?page=content&id=SA50" }, { "reference_url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446" }, { "reference_url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>" }, { "reference_url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>" }, { "reference_url": "https://nginx.org/download/patch.cve-2009-3555.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.cve-2009-3555.txt" }, { "reference_url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.cve-2009-3555.txt.asc" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366" }, { "reference_url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535" }, { "reference_url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html" }, { "reference_url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt" }, { "reference_url": "https://tomcat.apache.org/security-5.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-5.html" }, { "reference_url": "https://tomcat.apache.org/security-6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-6.html" }, { "reference_url": "https://tomcat.apache.org/security-7.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://tomcat.apache.org/security-7.html" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1" }, { "reference_url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1" }, { "reference_url": "http://support.apple.com/kb/HT4004", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4004" }, { "reference_url": "http://support.apple.com/kb/HT4170", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4170" }, { "reference_url": "http://support.apple.com/kb/HT4171", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.apple.com/kb/HT4171" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100070150", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.avaya.com/css/P8/documents/100070150" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100081611", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.avaya.com/css/P8/documents/100081611" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114315", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.avaya.com/css/P8/documents/100114315" }, { "reference_url": "http://support.avaya.com/css/P8/documents/100114327", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.avaya.com/css/P8/documents/100114327" }, { "reference_url": "http://support.citrix.com/article/CTX123359", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.citrix.com/article/CTX123359" }, { "reference_url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES" }, { "reference_url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html" }, { "reference_url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html" }, { "reference_url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://sysoev.ru/nginx/patch.cve-2009-3555.txt" }, { "reference_url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html" }, { "reference_url": "http://ubuntu.com/usn/usn-923-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://ubuntu.com/usn/usn-923-1" }, { "reference_url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://wiki.rpath.com/Advisories:rPSA-2009-0155" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21426108" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21432298" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24006386" }, { "reference_url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-01.ibm.com/support/docview.wss?uid=swg24025312" }, { "reference_url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only" }, { "reference_url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.arubanetworks.com/support/alerts/aid-020810.txt" }, { "reference_url": "http://www.betanews.com/article/1257452450", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.betanews.com/article/1257452450" }, { "reference_url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml" }, { "reference_url": "http://www.debian.org/security/2009/dsa-1934", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2009/dsa-1934" }, { "reference_url": "http://www.debian.org/security/2011/dsa-2141", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2011/dsa-2141" }, { "reference_url": "http://www.debian.org/security/2015/dsa-3253", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.debian.org/security/2015/dsa-3253" }, { "reference_url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html" }, { "reference_url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html" }, { "reference_url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03928.html" }, { "reference_url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ietf.org/mail-archive/web/tls/current/msg03948.html" }, { "reference_url": "http://www.ingate.com/Relnote.php?ver=481", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ingate.com/Relnote.php?ver=481" }, { "reference_url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995" }, { "reference_url": "http://www.kb.cert.org/vuls/id/120541", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.kb.cert.org/vuls/id/120541" }, { "reference_url": "http://www.links.org/?p=780", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.links.org/?p=780" }, { "reference_url": "http://www.links.org/?p=786", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.links.org/?p=786" }, { "reference_url": "http://www.links.org/?p=789", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.links.org/?p=789" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:076" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:084" }, { "reference_url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:089" }, { "reference_url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.mozilla.org/security/announce/2010/mfsa2010-22.html" }, { "reference_url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openoffice.org/security/cves/CVE-2009-3555.html" }, { "reference_url": "http://www.openssl.org/news/secadv_20091111.txt", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openssl.org/news/secadv_20091111.txt" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/05/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/05/5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/05/5" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/06/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/06/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/07/3", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/07/3" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/20/1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/20/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2009/11/23/10", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.openwall.com/lists/oss-security/2009/11/23/10" }, { "reference_url": "http://www.opera.com/docs/changelogs/unix/1060", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.opera.com/docs/changelogs/unix/1060" }, { "reference_url": "http://www.opera.com/support/search/view/944", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.opera.com/support/search/view/944" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html" }, { "reference_url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html" }, { "reference_url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0119.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0130.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0155.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0165.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0167.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0337.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0338.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0339.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0768.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0770.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0786.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0807.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0865.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0986.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2010-0987.html" }, { "reference_url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.redhat.com/support/errata/RHSA-2011-0880.html" }, { "reference_url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html" }, { "reference_url": "http://www.tombom.co.uk/blog/?p=85", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.tombom.co.uk/blog/?p=85" }, { "reference_url": "http://www.ubuntu.com/usn/USN-1010-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-1010-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-927-1" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-4", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-927-4" }, { "reference_url": "http://www.ubuntu.com/usn/USN-927-5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.ubuntu.com/usn/USN-927-5" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-222A.html" }, { "reference_url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.us-cert.gov/cas/techalerts/TA10-287A.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0019.html" }, { "reference_url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/security/advisories/VMSA-2011-0003.html" }, { "reference_url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649", "reference_id": "765649", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py", "reference_id": "CVE-2009-3555", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555", "reference_id": "CVE-2009-3555", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3555" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt", "reference_id": "CVE-2009-3555;OSVDB-59970", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt" }, { "reference_url": "https://www.securityfocus.com/bid/35888/info", "reference_id": "CVE-2009-3555;OSVDB-59970", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/35888/info" }, { "reference_url": "https://github.com/advisories/GHSA-f7w7-6pjc-wwm6", "reference_id": "GHSA-f7w7-6pjc-wwm6", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-f7w7-6pjc-wwm6" }, { "reference_url": "https://security.gentoo.org/glsa/200912-01", "reference_id": "GLSA-200912-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200912-01" }, { "reference_url": "https://security.gentoo.org/glsa/201006-18", "reference_id": "GLSA-201006-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201006-18" }, { "reference_url": "https://security.gentoo.org/glsa/201110-05", "reference_id": "GLSA-201110-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201110-05" }, { "reference_url": "https://security.gentoo.org/glsa/201203-22", "reference_id": "GLSA-201203-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-22" }, { "reference_url": "https://security.gentoo.org/glsa/201206-18", "reference_id": "GLSA-201206-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-18" }, { "reference_url": "https://security.gentoo.org/glsa/201301-01", "reference_id": "GLSA-201301-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201301-01" }, { "reference_url": "https://security.gentoo.org/glsa/201309-15", "reference_id": "GLSA-201309-15", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201309-15" }, { "reference_url": "https://security.gentoo.org/glsa/201311-13", "reference_id": "GLSA-201311-13", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201311-13" }, { "reference_url": "https://security.gentoo.org/glsa/201406-32", "reference_id": "GLSA-201406-32", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-32" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22", "reference_id": "mfsa2010-22", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2010-22" }, { "reference_url": "https://usn.ubuntu.com/1010-1/", "reference_id": "USN-1010-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/1010-1/" }, { "reference_url": "https://usn.ubuntu.com/860-1/", "reference_id": "USN-860-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/860-1/" }, { "reference_url": "https://usn.ubuntu.com/923-1/", "reference_id": "USN-923-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/923-1/" }, { "reference_url": "https://usn.ubuntu.com/927-1/", "reference_id": "USN-927-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-1/" }, { "reference_url": "https://usn.ubuntu.com/927-4/", "reference_id": "USN-927-4", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-4/" }, { "reference_url": "https://usn.ubuntu.com/927-6/", "reference_id": "USN-927-6", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/927-6/" }, { "reference_url": "https://usn.ubuntu.com/990-1/", "reference_id": "USN-990-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/990-1/" }, { "reference_url": "https://usn.ubuntu.com/990-2/", "reference_id": "USN-990-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/990-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572017?format=api", "purl": "pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-4mqa-bkha-kbaj" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-ktxc-d5t4-bkhg" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-m393-anc8-dfgf" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qpfs-f882-gqd3" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-wsxq-wqqr-n3ey" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3" } ], "aliases": [ "CVE-2009-3555", "GHSA-f7w7-6pjc-wwm6", "VU#120541" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jau7-gfz8-dkfa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/23?format=api", "vulnerability_id": "VCID-jtgk-h6v6-2fgs", "summary": "Use-after-free during CNAME response processing in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94336", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94296", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94317", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94326", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94331", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94335", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94305", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.14006", "scoring_system": "epss", "scoring_elements": "0.94316", "published_at": "2026-04-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0746" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "2.6", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:H/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588", "reference_id": "1302588", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302588" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0746", "reference_id": "CVE-2016-0746", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:P/A:P" }, { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0746" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035549?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0746" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jtgk-h6v6-2fgs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/48?format=api", "vulnerability_id": "VCID-kcsp-h1s5-wbea", "summary": "Excessive memory usage in HTTP/2 with zero length headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.8426", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84326", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84314", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84319", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84337", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.8433", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84272", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84291", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02173", "scoring_system": "epss", "scoring_elements": "0.84292", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-9516" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "low", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864", "reference_id": "1741864", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1741864" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037", "reference_id": "935037", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037" }, { "reference_url": "https://security.archlinux.org/ASA-201908-12", "reference_id": "ASA-201908-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-12" }, { "reference_url": "https://security.archlinux.org/ASA-201908-13", "reference_id": "ASA-201908-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201908-13" }, { "reference_url": "https://security.archlinux.org/AVG-1022", "reference_id": "AVG-1022", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1022" }, { "reference_url": "https://security.archlinux.org/AVG-1023", "reference_id": "AVG-1023", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1023" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516", "reference_id": "CVE-2019-9516", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-9516" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2745", "reference_id": "RHSA-2019:2745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2746", "reference_id": "RHSA-2019:2746", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2746" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2775", "reference_id": "RHSA-2019:2775", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2775" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2799", "reference_id": "RHSA-2019:2799", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2799" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2946", "reference_id": "RHSA-2019:2946", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2946" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2950", "reference_id": "RHSA-2019:2950", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2950" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3932", "reference_id": "RHSA-2019:3932", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3932" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3933", "reference_id": "RHSA-2019:3933", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3933" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3935", "reference_id": "RHSA-2019:3935", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3935" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0922", "reference_id": "RHSA-2020:0922", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0922" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0983", "reference_id": "RHSA-2020:0983", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0983" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1445", "reference_id": "RHSA-2020:1445", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1445" }, { "reference_url": "https://usn.ubuntu.com/4099-1/", "reference_id": "USN-4099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/4099-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-9516" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsp-h1s5-wbea" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/24?format=api", "vulnerability_id": "VCID-ktxc-d5t4-bkhg", "summary": "Buffer overflow in resolver", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4315", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02811", "scoring_system": "epss", "scoring_elements": "0.8607", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02811", "scoring_system": "epss", "scoring_elements": "0.8608", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02811", "scoring_system": "epss", "scoring_elements": "0.86096", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02811", "scoring_system": "epss", "scoring_elements": "0.86114", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02811", "scoring_system": "epss", "scoring_elements": "0.86126", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.02811", "scoring_system": "epss", "scoring_elements": "0.8614", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02811", "scoring_system": "epss", "scoring_elements": "0.86139", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02811", "scoring_system": "epss", "scoring_elements": "0.86135", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4315" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4315", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4315" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4315", "reference_id": "CVE-2011-4315", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4315" }, { "reference_url": "https://security.gentoo.org/glsa/201203-22", "reference_id": "GLSA-201203-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" } ], "aliases": [ "CVE-2011-4315" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ktxc-d5t4-bkhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3?format=api", "vulnerability_id": "VCID-m1y8-m8z6-kyg9", "summary": "SPDY heap buffer overflow", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0133.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0133.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0133", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.20913", "scoring_system": "epss", "scoring_elements": "0.95596", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.20913", "scoring_system": "epss", "scoring_elements": "0.95605", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.20913", "scoring_system": "epss", "scoring_elements": "0.9561", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.20913", "scoring_system": "epss", "scoring_elements": "0.95612", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.20913", "scoring_system": "epss", "scoring_elements": "0.95621", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.20913", "scoring_system": "epss", "scoring_elements": "0.95624", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.20913", "scoring_system": "epss", "scoring_elements": "0.95629", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.20913", "scoring_system": "epss", "scoring_elements": "0.95631", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-0133" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html" }, { "reference_url": "https://nginx.org/download/patch.2014.spdy2.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2014.spdy2.txt" }, { "reference_url": "https://nginx.org/download/patch.2014.spdy2.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2014.spdy2.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077988", "reference_id": "1077988", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1077988" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742059", "reference_id": "742059", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742059" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0133", "reference_id": "CVE-2014-0133", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0133" }, { "reference_url": "https://security.gentoo.org/glsa/201406-20", "reference_id": "GLSA-201406-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201406-20" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1035547?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5" } ], "aliases": [ "CVE-2014-0133" ], "risk_score": 0.1, "exploitability": "0.5", "weighted_severity": "0.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m1y8-m8z6-kyg9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/32?format=api", "vulnerability_id": "VCID-m393-anc8-dfgf", "summary": "Buffer overflow in the ngx_http_mp4_module", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2089", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.89995", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.89998", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.9001", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.90015", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.90031", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.90037", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.90045", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.90044", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.05317", "scoring_system": "epss", "scoring_elements": "0.90038", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-2089" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2089", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2089" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html" }, { "reference_url": "https://nginx.org/download/patch.2012.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2012.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2012.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2012.mp4.txt.asc" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2089", "reference_id": "CVE-2012-2089", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2089" }, { "reference_url": "https://security.gentoo.org/glsa/201206-07", "reference_id": "GLSA-201206-07", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201206-07" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" } ], "aliases": [ "CVE-2012-2089" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m393-anc8-dfgf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39?format=api", "vulnerability_id": "VCID-mhdp-u59y-2kgw", "summary": "Buffer underflow vulnerability", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2629.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2629.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2629", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.781", "scoring_system": "epss", "scoring_elements": "0.99012", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.781", "scoring_system": "epss", "scoring_elements": "0.99015", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.781", "scoring_system": "epss", "scoring_elements": "0.99017", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.781", "scoring_system": "epss", "scoring_elements": "0.99011", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.781", "scoring_system": "epss", "scoring_elements": "0.99014", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.80762", "scoring_system": "epss", "scoring_elements": "0.99135", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.80762", "scoring_system": "epss", "scoring_elements": "0.99134", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-2629" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629" }, { "reference_url": "https://nginx.org/download/patch.180065.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.180065.txt" }, { "reference_url": "https://nginx.org/download/patch.180065.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.180065.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=523105", "reference_id": "523105", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=523105" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/14830.py", "reference_id": "CVE-2009-2629", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/14830.py" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2629", "reference_id": "CVE-2009-2629", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-2629" }, { "reference_url": "https://security.gentoo.org/glsa/200909-18", "reference_id": "GLSA-200909-18", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/200909-18" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572017?format=api", "purl": "pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-4mqa-bkha-kbaj" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-ktxc-d5t4-bkhg" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-m393-anc8-dfgf" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qpfs-f882-gqd3" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-wsxq-wqqr-n3ey" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3" } ], "aliases": [ "CVE-2009-2629", "VU#180065" ], "risk_score": 1.4, "exploitability": "2.0", "weighted_severity": "0.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mhdp-u59y-2kgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44?format=api", "vulnerability_id": "VCID-nckn-qkc8-t7ge", "summary": "Memory disclosure in the ngx_http_mp4_module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16845", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90931", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90972", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90981", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90936", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90945", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90956", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.06332", "scoring_system": "epss", "scoring_elements": "0.90966", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16845" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html" }, { "reference_url": "https://nginx.org/download/patch.2018.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2018.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2018.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2018.mp4.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644508", "reference_id": "1644508", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644508" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090", "reference_id": "913090", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16845", "reference_id": "CVE-2018-16845", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16845" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3652", "reference_id": "RHSA-2018:3652", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3652" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3653", "reference_id": "RHSA-2018:3653", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3653" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3680", "reference_id": "RHSA-2018:3680", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3680" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3681", "reference_id": "RHSA-2018:3681", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2018:3681" }, { "reference_url": "https://usn.ubuntu.com/3812-1/", "reference_id": "USN-3812-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3812-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036992?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2018-16845" ], "risk_score": 3.7, "exploitability": "0.5", "weighted_severity": "7.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nckn-qkc8-t7ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/59738?format=api", "vulnerability_id": "VCID-p933-hxvk-37bk", "summary": "Gentoo's NGINX ebuilds are vulnerable to privilege escalation due\n to the way log files are handled.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1247", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92947", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92976", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92972", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92977", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92975", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92956", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92961", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.9296", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0983", "scoring_system": "epss", "scoring_elements": "0.92968", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-1247" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:M/Au:S/C:C/I:P/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390182", "reference_id": "1390182", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1390182" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295", "reference_id": "842295", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295" }, { "reference_url": "https://security.archlinux.org/ASA-201701-23", "reference_id": "ASA-201701-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-23" }, { "reference_url": "https://security.archlinux.org/ASA-201701-24", "reference_id": "ASA-201701-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201701-24" }, { "reference_url": "https://security.archlinux.org/AVG-138", "reference_id": "AVG-138", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-138" }, { "reference_url": "https://security.archlinux.org/AVG-139", "reference_id": "AVG-139", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-139" }, { "reference_url": "http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html", "reference_id": "CVE-2016-1247", "reference_type": "exploit", "scores": [], "url": "http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh", "reference_id": "CVE-2016-1247", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh" }, { "reference_url": "https://security.gentoo.org/glsa/201701-22", "reference_id": "GLSA-201701-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201701-22" }, { "reference_url": "https://usn.ubuntu.com/3114-1/", "reference_id": "USN-3114-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3114-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036331?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-1247" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p933-hxvk-37bk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/33?format=api", "vulnerability_id": "VCID-pmrf-dxst-p7a7", "summary": "Request line parsing vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4547", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.90921", "scoring_system": "epss", "scoring_elements": "0.9963", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.90921", "scoring_system": "epss", "scoring_elements": "0.99629", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.90921", "scoring_system": "epss", "scoring_elements": "0.99632", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.90921", "scoring_system": "epss", "scoring_elements": "0.99633", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-4547" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html" }, { "reference_url": "https://nginx.org/download/patch.2013.space.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2013.space.txt" }, { "reference_url": "https://nginx.org/download/patch.2013.space.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2013.space.txt.asc" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012", "reference_id": "730012", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4547", "reference_id": "CVE-2013-4547", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4547" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38846.txt", "reference_id": "CVE-2013-4547;OSVDB-100015", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38846.txt" }, { "reference_url": "https://www.securityfocus.com/bid/63814/info", "reference_id": "CVE-2013-4547;OSVDB-100015", "reference_type": "exploit", "scores": [], "url": "https://www.securityfocus.com/bid/63814/info" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035547?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5" } ], "aliases": [ "CVE-2013-4547" ], "risk_score": 7.0, "exploitability": "2.0", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pmrf-dxst-p7a7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/92358?format=api", "vulnerability_id": "VCID-qpfs-f882-gqd3", "summary": "Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.", "references": [ { "reference_url": "http://code.google.com/p/naxsi/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://code.google.com/p/naxsi/" }, { "reference_url": "http://code.google.com/p/naxsi/source/detail?r=307", "reference_id": "", "reference_type": "", "scores": [], "url": "http://code.google.com/p/naxsi/source/detail?r=307" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3380", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37649", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37549", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37731", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37756", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37633", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37685", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37698", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37712", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00166", "scoring_system": "epss", "scoring_elements": "0.37677", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-3380" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3380", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3380" }, { "reference_url": "http://secunia.com/advisories/49811", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/49811" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/07/05/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/07/05/1" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2012/07/06/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2012/07/06/3" }, { "reference_url": "http://www.osvdb.org/83617", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.osvdb.org/83617" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3380", "reference_id": "CVE-2012-3380", "reference_type": "", "scores": [ { "value": "2.1", "scoring_system": "cvssv2", "scoring_elements": "AV:L/AC:L/Au:N/C:P/I:N/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3380" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" } ], "aliases": [ "CVE-2012-3380" ], "risk_score": 0.9, "exploitability": "0.5", "weighted_severity": "1.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpfs-f882-gqd3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/37?format=api", "vulnerability_id": "VCID-qzcz-zvv6-dyda", "summary": "Invalid pointer dereference in resolver", "references": [ { "reference_url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99122", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99113", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99114", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99117", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.9912", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.80364", "scoring_system": "epss", "scoring_elements": "0.99121", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-0742" }, { "reference_url": "https://bto.bluecoat.com/security-advisory/sa115", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bto.bluecoat.com/security-advisory/sa115" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747" }, { "reference_url": "http://seclists.org/fulldisclosure/2021/Sep/36", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/fulldisclosure/2021/Sep/36" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html" }, { "reference_url": "https://support.apple.com/kb/HT212818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://support.apple.com/kb/HT212818" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3473", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3473" }, { "reference_url": "http://www.securitytracker.com/id/1034869", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1034869" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2892-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2892-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587", "reference_id": "1302587", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1302587" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806", "reference_id": "812806", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0742", "reference_id": "CVE-2016-0742", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0742" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2892-1/", "reference_id": "USN-2892-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2892-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035549?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-0742" ], "risk_score": 10.0, "exploitability": "2.0", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qzcz-zvv6-dyda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/10?format=api", "vulnerability_id": "VCID-rsr7-p977-tycc", "summary": "NULL pointer dereference while writing client request body", "references": [ { "reference_url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4450.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4450.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4450", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88453", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88405", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88445", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88451", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88462", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88454", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88414", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88422", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04016", "scoring_system": "epss", "scoring_elements": "0.88426", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2016-4450" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html" }, { "reference_url": "https://nginx.org/download/patch.2016.write2.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2016.write2.txt" }, { "reference_url": "https://nginx.org/download/patch.2016.write2.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2016.write2.txt.asc" }, { "reference_url": "https://nginx.org/download/patch.2016.write.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2016.write.txt" }, { "reference_url": "https://nginx.org/download/patch.2016.write.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2016.write.txt.asc" }, { "reference_url": "http://www.debian.org/security/2016/dsa-3592", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2016/dsa-3592" }, { "reference_url": "http://www.securityfocus.com/bid/90967", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/90967" }, { "reference_url": "http://www.securitytracker.com/id/1036019", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1036019" }, { "reference_url": "http://www.ubuntu.com/usn/USN-2991-1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.ubuntu.com/usn/USN-2991-1" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341462", "reference_id": "1341462", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1341462" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960", "reference_id": "825960", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4450", "reference_id": "CVE-2016-4450", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:N/I:N/A:P" }, { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4450" }, { "reference_url": "https://security.gentoo.org/glsa/201606-06", "reference_id": "GLSA-201606-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201606-06" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2016:1425", "reference_id": "RHSA-2016:1425", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2016:1425" }, { "reference_url": "https://usn.ubuntu.com/2991-1/", "reference_id": "USN-2991-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2991-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036331?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/1036991?format=api", "purl": "pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2" } ], "aliases": [ "CVE-2016-4450" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rsr7-p977-tycc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42?format=api", "vulnerability_id": "VCID-t6gs-g1cq-hqem", "summary": "Directory traversal vulnerability", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77756", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77762", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77789", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77773", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.778", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77805", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77831", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77815", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.01078", "scoring_system": "epss", "scoring_elements": "0.77814", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2009-3898" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3898", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3898" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557389", "reference_id": "557389", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557389" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3898", "reference_id": "CVE-2009-3898", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-3898" }, { "reference_url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9829.txt", "reference_id": "CVE-2009-3898;OSVDB-58328", "reference_type": "exploit", "scores": [], "url": "https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9829.txt" }, { "reference_url": "https://security.gentoo.org/glsa/201203-22", "reference_id": "GLSA-201203-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572017?format=api", "purl": "pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-4mqa-bkha-kbaj" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-ktxc-d5t4-bkhg" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-m393-anc8-dfgf" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qpfs-f882-gqd3" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-wsxq-wqqr-n3ey" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3" } ], "aliases": [ "CVE-2009-3898" ], "risk_score": null, "exploitability": "2.0", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-t6gs-g1cq-hqem" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/13?format=api", "vulnerability_id": "VCID-u25m-v3f6-23dk", "summary": "Memory disclosure with specially crafted HTTP backend responses", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html" }, { "reference_url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html" }, { "reference_url": "http://nginx.org/download/patch.2013.proxy.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "http://nginx.org/download/patch.2013.proxy.txt" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2070", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.89248", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.892", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.89245", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.89255", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.89251", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.89206", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.8922", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.89222", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.04601", "scoring_system": "epss", "scoring_elements": "0.8924", "published_at": "2026-04-08T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2013-2070" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=962525", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=962525" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070" }, { "reference_url": "http://seclists.org/oss-sec/2013/q2/291", "reference_id": "", "reference_type": "", "scores": [], "url": "http://seclists.org/oss-sec/2013/q2/291" }, { "reference_url": "http://secunia.com/advisories/55181", "reference_id": "", "reference_type": "", "scores": [], "url": "http://secunia.com/advisories/55181" }, { "reference_url": "http://security.gentoo.org/glsa/glsa-201310-04.xml", "reference_id": "", "reference_type": "", "scores": [], "url": "http://security.gentoo.org/glsa/glsa-201310-04.xml" }, { "reference_url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84172", "reference_id": "", "reference_type": "", "scores": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84172" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.4", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:L/Au:N/C:P/I:N/A:P" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html" }, { "reference_url": "https://nginx.org/download/patch.2013.chunked.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2013.chunked.txt" }, { "reference_url": "https://nginx.org/download/patch.2013.chunked.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2013.chunked.txt.asc" }, { "reference_url": "https://nginx.org/download/patch.2013.proxy.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2013.proxy.txt" }, { "reference_url": "https://nginx.org/download/patch.2013.proxy.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2013.proxy.txt.asc" }, { "reference_url": "http://www.debian.org/security/2013/dsa-2721", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2013/dsa-2721" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2013/05/13/3", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.openwall.com/lists/oss-security/2013/05/13/3" }, { "reference_url": "http://www.securityfocus.com/bid/59824", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/59824" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164", "reference_id": "708164", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2070", "reference_id": "CVE-2013-2070", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:N/A:P" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2070" }, { "reference_url": "https://security.gentoo.org/glsa/201310-04", "reference_id": "GLSA-201310-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201310-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035547?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5" } ], "aliases": [ "CVE-2013-2070" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u25m-v3f6-23dk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/80226?format=api", "vulnerability_id": "VCID-u8aq-2qhu-gff5", "summary": "ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69833", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69896", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69886", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69902", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69925", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.6991", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69845", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.6986", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00615", "scoring_system": "epss", "scoring_elements": "0.69837", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-3618" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623", "reference_id": "1975623", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1975623" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328", "reference_id": "991328", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329", "reference_id": "991329", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331", "reference_id": "991331", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331" }, { "reference_url": "https://security.archlinux.org/AVG-2101", "reference_id": "AVG-2101", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2101" }, { "reference_url": "https://security.archlinux.org/AVG-2102", "reference_id": "AVG-2102", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2102" }, { "reference_url": "https://security.archlinux.org/AVG-2103", "reference_id": "AVG-2103", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2103" }, { "reference_url": "https://usn.ubuntu.com/5371-1/", "reference_id": "USN-5371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-1/" }, { "reference_url": "https://usn.ubuntu.com/5371-2/", "reference_id": "USN-5371-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-2/" }, { "reference_url": "https://usn.ubuntu.com/6379-1/", "reference_id": "USN-6379-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6379-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2021-3618" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u8aq-2qhu-gff5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/85848?format=api", "vulnerability_id": "VCID-uqb5-ensa-8yht", "summary": "regression update", "references": [], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1036331?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5" } ], "aliases": [ "DSA-3701-2 nginx" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uqb5-ensa-8yht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/22?format=api", "vulnerability_id": "VCID-wc3j-5xmu-kyex", "summary": "Memory disclosure in the ngx_http_mp4_module", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41742", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.27047", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.2701", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26855", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26912", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26956", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26953", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26906", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00097", "scoring_system": "epss", "scoring_elements": "0.26837", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-41742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html" }, { "reference_url": "https://nginx.org/download/patch.2022.mp4.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2022.mp4.txt" }, { "reference_url": "https://nginx.org/download/patch.2022.mp4.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2022.mp4.txt.asc" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141496", "reference_id": "2141496", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2141496" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/", "reference_id": "BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41742", "reference_id": "CVE-2022-41742", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41742" }, { "reference_url": "https://www.debian.org/security/2022/dsa-5281", "reference_id": "dsa-5281", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://www.debian.org/security/2022/dsa-5281" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/", "reference_id": "FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/" }, { "reference_url": "https://support.f5.com/csp/article/K28112382", "reference_id": "K28112382", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://support.f5.com/csp/article/K28112382" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html", "reference_id": "msg00031.html", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230120-0005/", "reference_id": "ntap-20230120-0005", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230120-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7402", "reference_id": "RHSA-2025:7402", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7402" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7546", "reference_id": "RHSA-2025:7546", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7546" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:7619", "reference_id": "RHSA-2025:7619", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:7619" }, { "reference_url": "https://usn.ubuntu.com/5722-1/", "reference_id": "USN-5722-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5722-1/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/", "reference_id": "WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ", "reference_type": "", "scores": [ { "value": "7.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994843?format=api", "purl": "pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-d1c6-dt2p-9kaa" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-hemy-pnpj-sfg3" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3" } ], "aliases": [ "CVE-2022-41742" ], "risk_score": 3.2, "exploitability": "0.5", "weighted_severity": "6.4", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wc3j-5xmu-kyex" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/31?format=api", "vulnerability_id": "VCID-wsxq-wqqr-n3ey", "summary": "Memory disclosure with specially crafted backend responses", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1180", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86659", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86669", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86688", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86687", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86706", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86716", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86729", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.86727", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.03062", "scoring_system": "epss", "scoring_elements": "0.8672", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2012-1180" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html", "reference_id": "", "reference_type": "", "scores": [], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html" }, { "reference_url": "https://nginx.org/download/patch.2012.memory.txt", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2012.memory.txt" }, { "reference_url": "https://nginx.org/download/patch.2012.memory.txt.asc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://nginx.org/download/patch.2012.memory.txt.asc" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664137", "reference_id": "664137", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664137" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1180", "reference_id": "CVE-2012-1180", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1180" }, { "reference_url": "https://security.gentoo.org/glsa/201203-22", "reference_id": "GLSA-201203-22", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201203-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" } ], "aliases": [ "CVE-2012-1180" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wsxq-wqqr-n3ey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/17?format=api", "vulnerability_id": "VCID-x8ck-rceh-ukdw", "summary": "SSL session reuse vulnerability", "references": [ { "reference_url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3616.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3616.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3616", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.85161", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.8509", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.85167", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.85165", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.85103", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.8512", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.85124", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.85145", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.02435", "scoring_system": "epss", "scoring_elements": "0.85153", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-3616" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616" }, { "reference_url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "medium", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html" }, { "reference_url": "http://www.debian.org/security/2014/dsa-3029", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.debian.org/security/2014/dsa-3029" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1142573", "reference_id": "1142573", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1142573" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761940", "reference_id": "761940", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761940" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3616", "reference_id": "CVE-2014-3616", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:N/I:P/A:N" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-3616" }, { "reference_url": "https://security.gentoo.org/glsa/201502-06", "reference_id": "GLSA-201502-06", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201502-06" }, { "reference_url": "https://usn.ubuntu.com/2351-1/", "reference_id": "USN-2351-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2351-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/572019?format=api", "purl": "pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-asr7-uwpu-a7a5" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-m1y8-m8z6-kyg9" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-pmrf-dxst-p7a7" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u25m-v3f6-23dk" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-x8ck-rceh-ukdw" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4" }, { "url": "http://public2.vulnerablecode.io/api/packages/1035547?format=api", "purl": "pkg:deb/debian/nginx@1.6.2-5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-64n7-ygvq-cfds" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-bana-j1wy-cfdy" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-cjx4-a19z-xufq" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-e49f-y1ky-5yb4" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-fgaf-wqmd-gqf3" }, { "vulnerability": "VCID-jtgk-h6v6-2fgs" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-nckn-qkc8-t7ge" }, { "vulnerability": "VCID-p933-hxvk-37bk" }, { "vulnerability": "VCID-qzcz-zvv6-dyda" }, { "vulnerability": "VCID-rsr7-p977-tycc" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-uqb5-ensa-8yht" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" }, { "vulnerability": "VCID-yu2j-f4q9-bbcx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5" } ], "aliases": [ "CVE-2014-3616" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ck-rceh-ukdw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/94585?format=api", "vulnerability_id": "VCID-y3tg-7fge-1yfy", "summary": "ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36309", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.61963", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62034", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62065", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62035", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62084", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62102", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62122", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.62111", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00423", "scoring_system": "epss", "scoring_elements": "0.6209", "published_at": "2026-04-13T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-36309" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787", "reference_id": "986787", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787" }, { "reference_url": "https://usn.ubuntu.com/5371-1/", "reference_id": "USN-5371-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5371-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/994844?format=api", "purl": "pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2cu7-pyw5-t3dm" }, { "vulnerability": "VCID-3czf-dtzg-8kdm" }, { "vulnerability": "VCID-5781-s1ny-q7ey" }, { "vulnerability": "VCID-fmvd-vyt7-mkfk" }, { "vulnerability": "VCID-kpjx-rrjs-subs" }, { "vulnerability": "VCID-sxf9-qr1j-u3et" }, { "vulnerability": "VCID-z3xb-4krg-rbae" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3" } ], "aliases": [ "CVE-2020-36309" ], "risk_score": null, "exploitability": "0.5", "weighted_severity": "0.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y3tg-7fge-1yfy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/83977?format=api", "vulnerability_id": "VCID-yu2j-f4q9-bbcx", "summary": "nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-20005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87118", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87065", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87075", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87094", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87087", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87108", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87115", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87128", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.0325", "scoring_system": "epss", "scoring_elements": "0.87123", "published_at": "2026-04-12T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-20005" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005" }, { "reference_url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf", "reference_id": "0206ebe76f748bb39d9de4dd4b3fce777fdfdccf", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf" }, { "reference_url": "https://trac.nginx.org/nginx/ticket/1368", "reference_id": "1368", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://trac.nginx.org/nginx/ticket/1368" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974192", "reference_id": "1974192", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1974192" }, { "reference_url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b", "reference_id": "b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b" }, { "reference_url": "http://nginx.org/en/CHANGES", "reference_id": "CHANGES", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "http://nginx.org/en/CHANGES" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html", "reference_id": "msg00009.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20210805-0006/", "reference_id": "ntap-20210805-0006", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20210805-0006/" }, { "reference_url": "https://usn.ubuntu.com/5109-1/", "reference_id": "USN-5109-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5109-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/1037901?format=api", "purl": "pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-22cq-z7km-cfdc" }, { "vulnerability": "VCID-36pf-ddpb-3khs" }, { "vulnerability": "VCID-3ysf-pvuu-47bs" }, { "vulnerability": "VCID-9hzg-r1fj-pubf" }, { "vulnerability": "VCID-c4ta-jqmg-wfgf" }, { "vulnerability": "VCID-c9ym-ckeq-63dq" }, { "vulnerability": "VCID-cbn4-utmp-n7ba" }, { "vulnerability": "VCID-dmv4-ydq9-a7eq" }, { "vulnerability": "VCID-eb23-pd25-yqg3" }, { "vulnerability": "VCID-kcsp-h1s5-wbea" }, { "vulnerability": "VCID-u8aq-2qhu-gff5" }, { "vulnerability": "VCID-wc3j-5xmu-kyex" }, { "vulnerability": "VCID-y3tg-7fge-1yfy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4" } ], "aliases": [ "CVE-2017-20005" ], "risk_score": 4.4, "exploitability": "0.5", "weighted_severity": "8.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yu2j-f4q9-bbcx" } ], "fixing_vulnerabilities": [], "risk_score": "10.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.6.32-3%252Blenny3" }