Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-k8ja-5uz5-zbhe

Summary An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.

Aliases

alias	CVE-2016-9074

Fixed_packages

url	pkg:deb/debian/firefox-esr@45.5.0esr-1?distro=trixie
purl	pkg:deb/debian/firefox-esr@45.5.0esr-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@45.5.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
purl	pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@115.14.0esr-1~deb11u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb12u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.10.2esr-1~deb13u1%3Fdistro=trixie

url pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

purl pkg:deb/debian/firefox-esr@140.11.0esr-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gwvj-7ub4-c3g7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/firefox-esr@140.11.0esr-1%3Fdistro=trixie

url	pkg:deb/debian/nss@2:3.26.2-1?distro=trixie
purl	pkg:deb/debian/nss@2:3.26.2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1%3Fdistro=trixie

url pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie

purl pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tdh-tupa-23en

vulnerability	VCID-5dqq-xwr4-pbfv

vulnerability	VCID-gxau-xxpj-fufj

vulnerability	VCID-jd6h-m6sm-xqbt

vulnerability	VCID-mg3r-rr93-zuen

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3%3Fdistro=trixie

url pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie

purl pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2tdh-tupa-23en

vulnerability	VCID-5dqq-xwr4-pbfv

vulnerability	VCID-7vub-2tme-ffbs

vulnerability	VCID-gxau-xxpj-fufj

vulnerability	VCID-jd6h-m6sm-xqbt

vulnerability	VCID-mg3r-rr93-zuen

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u2%3Fdistro=trixie

url	pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.110-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/nss@2:3.123.1-1?distro=trixie
purl	pkg:deb/debian/nss@2:3.123.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.123.1-1%3Fdistro=trixie

url	pkg:deb/debian/nss@2:3.124-1?distro=trixie
purl	pkg:deb/debian/nss@2:3.124-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.124-1%3Fdistro=trixie

url	pkg:ebuild/dev-libs/nss@3.28
purl	pkg:ebuild/dev-libs/nss@3.28
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nss@3.28

url	pkg:ebuild/mail-client/thunderbird@45.6.0
purl	pkg:ebuild/mail-client/thunderbird@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@45.6.0

url	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
purl	pkg:ebuild/mail-client/thunderbird-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@45.6.0

url	pkg:ebuild/www-client/firefox@45.6.0
purl	pkg:ebuild/www-client/firefox@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox@45.6.0

url	pkg:ebuild/www-client/firefox-bin@45.6.0
purl	pkg:ebuild/www-client/firefox-bin@45.6.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox-bin@45.6.0

Affected_packages

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9074.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9074.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9074

reference_id

reference_type

scores

value	0.01221
scoring_system	epss
scoring_elements	0.79401
published_at	2026-05-29T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv2
scoring_elements	AV:N/AC:H/Au:N/C:P/I:P/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1396548
reference_id	1396548
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1396548

reference_url	https://security.gentoo.org/glsa/201701-15
reference_id	GLSA-201701-15
reference_type
scores
url	https://security.gentoo.org/glsa/201701-15

reference_url	https://security.gentoo.org/glsa/201701-46
reference_id	GLSA-201701-46
reference_type
scores
url	https://security.gentoo.org/glsa/201701-46

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_id

mfsa2016-89

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-89

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_id

mfsa2016-90

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-90

reference_url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_id

mfsa2016-93

reference_type

scores

value	critical
scoring_system	generic_textual
scoring_elements

url

https://www.mozilla.org/en-US/security/advisories/mfsa2016-93

reference_url	https://usn.ubuntu.com/3163-1/
reference_id	USN-3163-1
reference_type
scores
url	https://usn.ubuntu.com/3163-1/

Weaknesses

cwe_id	385
name	Covert Timing Channel
description	Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

Exploits

Severity_range_score 3.7 - 10.0

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-k8ja-5uz5-zbhe

Vulnerability Instance