Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/2708?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/2708?format=api", "vulnerability_id": "VCID-czk2-34xv-pbfr", "summary": "Antoine Delignat-Lavaud, security researcher at Inria Paris\nin team Prosecco, reported an issue in Network Security Services (NSS) libraries\naffecting all versions. He discovered that NSS is vulnerable to a variant of a\nsignature forgery attack previously published by Daniel Bleichenbacher. This is\ndue to lenient parsing of ASN.1 values involved in a signature and could lead to\nthe forging of RSA certificates.The Advanced Threat Research team at Intel Security also independently\ndiscovered and reported this issue.These have been addressed in the NSS releases shipping on affected Mozilla\nproducts:", "aliases": [ { "alias": "CVE-2014-1568" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/355163?format=api", "purl": "pkg:deb/debian/nss@2:3.17.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/355149?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tdh-tupa-23en" }, { "vulnerability": "VCID-5dqq-xwr4-pbfv" }, { "vulnerability": "VCID-gxau-xxpj-fufj" }, { "vulnerability": "VCID-jd6h-m6sm-xqbt" }, { "vulnerability": "VCID-mg3r-rr93-zuen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/355147?format=api", "purl": "pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2tdh-tupa-23en" }, { "vulnerability": "VCID-5dqq-xwr4-pbfv" }, { "vulnerability": "VCID-7vub-2tme-ffbs" }, { "vulnerability": "VCID-gxau-xxpj-fufj" }, { "vulnerability": "VCID-jd6h-m6sm-xqbt" }, { "vulnerability": "VCID-mg3r-rr93-zuen" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u2%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/355152?format=api", "purl": "pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.110-1%252Bdeb13u1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/355150?format=api", "purl": "pkg:deb/debian/nss@2:3.123.1-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.123.1-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/355151?format=api", "purl": "pkg:deb/debian/nss@2:3.124-1?distro=trixie", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.124-1%3Fdistro=trixie" }, { "url": "http://public2.vulnerablecode.io/api/packages/336817?format=api", "purl": "pkg:ebuild/dev-libs/nspr@2.33.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nspr@2.33.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/336818?format=api", "purl": "pkg:ebuild/dev-libs/nspr@4.10.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nspr@4.10.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/336819?format=api", "purl": "pkg:ebuild/dev-libs/nspr@31.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nspr@31.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/336820?format=api", "purl": "pkg:ebuild/dev-libs/nspr@31.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-libs/nspr@31.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/336807?format=api", "purl": "pkg:ebuild/mail-client/thunderbird@31.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@31.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/336808?format=api", "purl": "pkg:ebuild/mail-client/thunderbird@31.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird@31.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/336809?format=api", "purl": "pkg:ebuild/mail-client/thunderbird-bin@31.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@31.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/336810?format=api", "purl": "pkg:ebuild/mail-client/thunderbird-bin@31.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/mail-client/thunderbird-bin@31.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/336805?format=api", "purl": "pkg:ebuild/www-client/firefox@31.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox@31.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/336806?format=api", "purl": "pkg:ebuild/www-client/firefox-bin@31.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/firefox-bin@31.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/336811?format=api", "purl": "pkg:ebuild/www-client/seamonkey@2.33.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@2.33.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/336812?format=api", "purl": "pkg:ebuild/www-client/seamonkey@31.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@31.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/336813?format=api", "purl": "pkg:ebuild/www-client/seamonkey@31.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey@31.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/336814?format=api", "purl": "pkg:ebuild/www-client/seamonkey-bin@2.33.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@2.33.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/336815?format=api", "purl": "pkg:ebuild/www-client/seamonkey-bin@31.5.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@31.5.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/336816?format=api", "purl": "pkg:ebuild/www-client/seamonkey-bin@31.5.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:ebuild/www-client/seamonkey-bin@31.5.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/876?format=api", "purl": "pkg:mozilla/Firefox@32.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@32.0.3" }, { "url": "http://public2.vulnerablecode.io/api/packages/877?format=api", "purl": "pkg:mozilla/Firefox%20ESR@24.8.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@24.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/878?format=api", "purl": "pkg:mozilla/Firefox%20ESR@31.1.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520ESR@31.1.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/866?format=api", "purl": "pkg:mozilla/Firefox%20OS@2.2.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox%2520OS@2.2.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/882?format=api", "purl": "pkg:mozilla/NSS@3.16.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/NSS@3.16.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/883?format=api", "purl": "pkg:mozilla/NSS@3.17.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/NSS@3.17.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/881?format=api", "purl": "pkg:mozilla/SeaMonkey@2.29.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.29.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/880?format=api", "purl": "pkg:mozilla/Thunderbird@24.8.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@24.8.1" }, { "url": "http://public2.vulnerablecode.io/api/packages/879?format=api", "purl": "pkg:mozilla/Thunderbird@31.1.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@31.1.2" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/277968?format=api", "purl": "pkg:rpm/redhat/nss@3.12.8-10?arch=el5_6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.12.8-10%3Farch=el5_6" }, { "url": "http://public2.vulnerablecode.io/api/packages/277931?format=api", "purl": "pkg:rpm/redhat/nss@3.12.10-10?arch=el4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.12.10-10%3Farch=el4" }, { "url": "http://public2.vulnerablecode.io/api/packages/277954?format=api", "purl": "pkg:rpm/redhat/nss@3.13.1-11?arch=el6_2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.13.1-11%3Farch=el6_2" }, { "url": "http://public2.vulnerablecode.io/api/packages/277949?format=api", "purl": "pkg:rpm/redhat/nss@3.14.3-8?arch=el6_4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.14.3-8%3Farch=el6_4" }, { "url": "http://public2.vulnerablecode.io/api/packages/277962?format=api", "purl": "pkg:rpm/redhat/nss@3.14.3-10?arch=el5_9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.14.3-10%3Farch=el5_9" }, { "url": "http://public2.vulnerablecode.io/api/packages/277935?format=api", "purl": "pkg:rpm/redhat/nss@3.16.1-4?arch=el5_11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.16.1-4%3Farch=el5_11" }, { "url": "http://public2.vulnerablecode.io/api/packages/277950?format=api", "purl": "pkg:rpm/redhat/nss@3.16.1-7?arch=el6_5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.16.1-7%3Farch=el6_5" }, { "url": "http://public2.vulnerablecode.io/api/packages/277958?format=api", "purl": "pkg:rpm/redhat/nss@3.16.2-7?arch=el7_0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss@3.16.2-7%3Farch=el7_0" }, { "url": "http://public2.vulnerablecode.io/api/packages/277932?format=api", "purl": "pkg:rpm/redhat/nss-softokn@3.12.9-12?arch=el6_2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-softokn@3.12.9-12%3Farch=el6_2" }, { "url": "http://public2.vulnerablecode.io/api/packages/277942?format=api", "purl": "pkg:rpm/redhat/nss-softokn@3.14.3-4?arch=el6_4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-softokn@3.14.3-4%3Farch=el6_4" }, { "url": "http://public2.vulnerablecode.io/api/packages/277936?format=api", "purl": "pkg:rpm/redhat/nss-softokn@3.14.3-12?arch=el6_5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-softokn@3.14.3-12%3Farch=el6_5" }, { "url": "http://public2.vulnerablecode.io/api/packages/277948?format=api", "purl": "pkg:rpm/redhat/nss-softokn@3.16.2-2?arch=el7_0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-softokn@3.16.2-2%3Farch=el7_0" }, { "url": "http://public2.vulnerablecode.io/api/packages/277933?format=api", "purl": "pkg:rpm/redhat/nss-util@3.13.1-6?arch=el6_2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-util@3.13.1-6%3Farch=el6_2" }, { "url": "http://public2.vulnerablecode.io/api/packages/277934?format=api", "purl": "pkg:rpm/redhat/nss-util@3.14.3-4?arch=el6_4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-util@3.14.3-4%3Farch=el6_4" }, { "url": "http://public2.vulnerablecode.io/api/packages/277946?format=api", "purl": "pkg:rpm/redhat/nss-util@3.16.1-2?arch=el6_5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-util@3.16.1-2%3Farch=el6_5" }, { "url": "http://public2.vulnerablecode.io/api/packages/277964?format=api", "purl": "pkg:rpm/redhat/nss-util@3.16.2-2?arch=el7_0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-czk2-34xv-pbfr" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/nss-util@3.16.2-2%3Farch=el7_0" }, { "url": "http://public2.vulnerablecode.io/api/packages/277865?format=api", "purl": "pkg:rpm/redhat/rhev-hypervisor6@6.5-20140930.1?arch=el6ev", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-avat-5573-sydf" }, { "vulnerability": "VCID-czk2-34xv-pbfr" }, { "vulnerability": "VCID-hw7w-kuvw-kqcx" }, { "vulnerability": "VCID-tf5m-enh6-j3h9" }, { "vulnerability": "VCID-xact-v6eg-p3dw" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rhev-hypervisor6@6.5-20140930.1%3Farch=el6ev" } ], "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1568.json", "reference_id": "", "reference_type": "", "scores": [], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-1568.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1568", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.336", "scoring_system": "epss", "scoring_elements": "0.97017", "published_at": "2026-05-29T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2014-1568" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145429", "reference_id": "1145429", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1145429" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568", "reference_id": "CVE-2014-1568", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568" }, { "reference_url": "https://security.gentoo.org/glsa/201504-01", "reference_id": "GLSA-201504-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201504-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-73", "reference_id": "mfsa2014-73", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2014-73" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1307", "reference_id": "RHSA-2014:1307", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1307" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1354", "reference_id": "RHSA-2014:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2014:1371", "reference_id": "RHSA-2014:1371", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2014:1371" }, { "reference_url": "https://usn.ubuntu.com/2360-1/", "reference_id": "USN-2360-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2360-1/" }, { "reference_url": "https://usn.ubuntu.com/2360-2/", "reference_id": "USN-2360-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2360-2/" }, { "reference_url": "https://usn.ubuntu.com/2361-1/", "reference_id": "USN-2361-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/2361-1/" } ], "weaknesses": [ { "cwe_id": 347, "name": "Improper Verification of Cryptographic Signature", "description": "The product does not verify, or incorrectly verifies, the cryptographic signature for data." } ], "exploits": [], "severity_range_score": "9.0 - 10.0", "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-czk2-34xv-pbfr" }