{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","type":"deb","namespace":"debian","name":"nginx","version":"1.6.2-5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.22.1-9+deb12u4","latest_non_vulnerable_version":"1.28.3-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14?format=json","vulnerability_id":"VCID-22cq-z7km-cfdc","summary":"SSL session reuse vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23419","reference_id":"","reference_type":"","scores":[{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88171","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88147","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88153","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88163","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88105","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88121","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88128","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403","reference_id":"1095403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344005","reference_id":"2344005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23419","reference_id":"CVE-2025-23419","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23419"},{"reference_url":"https://my.f5.com/manage/s/article/K000149173","reference_id":"K000149173","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T18:12:47Z/"}],"url":"https://my.f5.com/manage/s/article/K000149173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7331","reference_id":"RHSA-2025:7331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7331"},{"reference_url":"https://usn.ubuntu.com/7285-1/","reference_id":"USN-7285-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7285-1/"},{"reference_url":"https://usn.ubuntu.com/7285-2/","reference_id":"USN-7285-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7285-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2025-23419"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22cq-z7km-cfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90808?format=json","vulnerability_id":"VCID-36pf-ddpb-3khs","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11724","reference_id":"","reference_type":"","scores":[{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85296","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85275","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85203","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85215","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85235","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85257","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85266","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.8528","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85278","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724"},{"reference_url":"https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa"},{"reference_url":"https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210129-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4750","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4750"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950","reference_id":"964950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11724","reference_id":"CVE-2020-11724","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11724"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"},{"reference_url":"https://usn.ubuntu.com/5371-3/","reference_id":"USN-5371-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2020-11724"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36pf-ddpb-3khs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81680?format=json","vulnerability_id":"VCID-3ysf-pvuu-47bs","summary":"nginx: HTTP request smuggling in configurations with URL redirect used as error_page","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20372","reference_id":"","reference_type":"","scores":[{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98653","published_at":"2026-04-02T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98656","published_at":"2026-04-04T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98659","published_at":"2026-04-07T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.9866","published_at":"2026-04-08T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98664","published_at":"2026-04-12T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98665","published_at":"2026-04-13T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98668","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790277","reference_id":"1790277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579","reference_id":"948579","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2817","reference_id":"RHSA-2020:2817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5495","reference_id":"RHSA-2020:5495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0778","reference_id":"RHSA-2021:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0779","reference_id":"RHSA-2021:0779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0779"},{"reference_url":"https://usn.ubuntu.com/4235-1/","reference_id":"USN-4235-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4235-1/"},{"reference_url":"https://usn.ubuntu.com/4235-2/","reference_id":"USN-4235-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4235-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-20372"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ysf-pvuu-47bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41?format=json","vulnerability_id":"VCID-64n7-ygvq-cfds","summary":"Excessive memory usage in HTTP/2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16843","reference_id":"","reference_type":"","scores":[{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98063","published_at":"2026-04-01T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98087","published_at":"2026-04-16T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98082","published_at":"2026-04-13T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.9807","published_at":"2026-04-04T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98071","published_at":"2026-04-07T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98075","published_at":"2026-04-08T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98076","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644511","reference_id":"1644511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16843","reference_id":"CVE-2018-16843","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3653","reference_id":"RHSA-2018:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16843"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64n7-ygvq-cfds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45?format=json","vulnerability_id":"VCID-9hzg-r1fj-pubf","summary":"Excessive CPU usage in HTTP/2 with priority changes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513","reference_id":"","reference_type":"","scores":[{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91201","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91275","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.9125","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91215","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91221","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741","reference_id":"1735741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513","reference_id":"CVE-2019-9513","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9513"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9?format=json","vulnerability_id":"VCID-bana-j1wy-cfdy","summary":"Excessive CPU usage in HTTP/2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16844","reference_id":"","reference_type":"","scores":[{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93404","published_at":"2026-04-16T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93384","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93385","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93369","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93381","published_at":"2026-04-09T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93386","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644510","reference_id":"1644510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644510"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16844","reference_id":"CVE-2018-16844","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16844"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bana-j1wy-cfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70179?format=json","vulnerability_id":"VCID-c4ta-jqmg-wfgf","summary":"lua-nginx-module: HTTP request smuggling via a crafted HEAD request","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33452","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72134","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.721","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72123","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72075","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72051","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72089","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361691","reference_id":"2361691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361691"},{"reference_url":"https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/","reference_id":"OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T19:26:16Z/"}],"url":"https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2024-33452"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ta-jqmg-wfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15?format=json","vulnerability_id":"VCID-c9ym-ckeq-63dq","summary":"Memory corruption in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41741","reference_id":"","reference_type":"","scores":[{"value":"0.00828","scoring_system":"epss","scoring_elements":"0.74532","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74849","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74847","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74897","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74919","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74895","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74882","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74876","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141495","reference_id":"2141495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141495"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/","reference_id":"BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41741","reference_id":"CVE-2022-41741","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41741"},{"reference_url":"https://www.debian.org/security/2022/dsa-5281","reference_id":"dsa-5281","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://www.debian.org/security/2022/dsa-5281"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/","reference_id":"FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/"},{"reference_url":"https://support.f5.com/csp/article/K81926432","reference_id":"K81926432","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://support.f5.com/csp/article/K81926432"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230120-0005/","reference_id":"ntap-20230120-0005","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230120-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/5722-1/","reference_id":"USN-5722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5722-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/","reference_id":"WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2022-41741"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ym-ckeq-63dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34?format=json","vulnerability_id":"VCID-cbn4-utmp-n7ba","summary":"1-byte memory overwrite in resolver","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23017","reference_id":"","reference_type":"","scores":[{"value":"0.73166","scoring_system":"epss","scoring_elements":"0.98794","published_at":"2026-04-16T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98794","published_at":"2026-04-02T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98801","published_at":"2026-04-09T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98805","published_at":"2026-04-13T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98804","published_at":"2026-04-12T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98797","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"},{"reference_url":"https://nginx.org/download/patch.2021.resolver.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2021.resolver.txt"},{"reference_url":"https://nginx.org/download/patch.2021.resolver.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2021.resolver.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1963121","reference_id":"1963121","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1963121"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095","reference_id":"989095","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095"},{"reference_url":"https://security.archlinux.org/ASA-202106-36","reference_id":"ASA-202106-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-36"},{"reference_url":"https://security.archlinux.org/ASA-202106-48","reference_id":"ASA-202106-48","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-48"},{"reference_url":"https://security.archlinux.org/AVG-1987","reference_id":"AVG-1987","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1987"},{"reference_url":"https://security.archlinux.org/AVG-1988","reference_id":"AVG-1988","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1988"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py","reference_id":"CVE-2021-23017","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23017","reference_id":"CVE-2021-23017","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23017"},{"reference_url":"https://security.gentoo.org/glsa/202105-38","reference_id":"GLSA-202105-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2258","reference_id":"RHSA-2021:2258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2259","reference_id":"RHSA-2021:2259","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2278","reference_id":"RHSA-2021:2278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2290","reference_id":"RHSA-2021:2290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3653","reference_id":"RHSA-2021:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3851","reference_id":"RHSA-2021:3851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3925","reference_id":"RHSA-2021:3925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0323","reference_id":"RHSA-2022:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0323"},{"reference_url":"https://usn.ubuntu.com/4967-1/","reference_id":"USN-4967-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4967-1/"},{"reference_url":"https://usn.ubuntu.com/4967-2/","reference_id":"USN-4967-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4967-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2021-23017"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbn4-utmp-n7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16?format=json","vulnerability_id":"VCID-cjx4-a19z-xufq","summary":"Integer overflow in the range filter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7529","reference_id":"","reference_type":"","scores":[{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99689","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99692","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99693","published_at":"2026-04-11T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.9969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.92868","scoring_system":"epss","scoring_elements":"0.99769","published_at":"2026-04-16T12:55:00Z"},{"value":"0.92868","scoring_system":"epss","scoring_elements":"0.99768","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"},{"reference_url":"https://nginx.org/download/patch.2017.ranges.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2017.ranges.txt"},{"reference_url":"https://nginx.org/download/patch.2017.ranges.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2017.ranges.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468584","reference_id":"1468584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468584"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109","reference_id":"868109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109"},{"reference_url":"https://security.archlinux.org/ASA-201707-11","reference_id":"ASA-201707-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-11"},{"reference_url":"https://security.archlinux.org/ASA-201707-12","reference_id":"ASA-201707-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-12"},{"reference_url":"https://security.archlinux.org/AVG-345","reference_id":"AVG-345","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-345"},{"reference_url":"https://security.archlinux.org/AVG-346","reference_id":"AVG-346","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529","reference_id":"CVE-2017-7529","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2538","reference_id":"RHSA-2017:2538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2538"},{"reference_url":"https://usn.ubuntu.com/3352-1/","reference_id":"USN-3352-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3352-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2017-7529"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjx4-a19z-xufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25?format=json","vulnerability_id":"VCID-dmv4-ydq9-a7eq","summary":"Excessive CPU usage in HTTP/2 with small window updates","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511","reference_id":"","reference_type":"","scores":[{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94283","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94339","published_at":"2026-04-16T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94313","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94292","published_at":"2026-04-02T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94302","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860","reference_id":"1741860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511","reference_id":"CVE-2019-9511","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9511"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12?format=json","vulnerability_id":"VCID-e49f-y1ky-5yb4","summary":"Insufficient limits of CNAME resolution in resolver","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"},{"reference_url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0747","reference_id":"","reference_type":"","scores":[{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96911","published_at":"2026-04-16T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96872","published_at":"2026-04-01T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96899","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96904","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.9688","published_at":"2026-04-02T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96889","published_at":"2026-04-07T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96897","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0747"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa115","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Sep/36","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2021/Sep/36"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"},{"reference_url":"https://support.apple.com/kb/HT212818","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT212818"},{"reference_url":"http://www.debian.org/security/2016/dsa-3473","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3473"},{"reference_url":"http://www.securitytracker.com/id/1034869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034869"},{"reference_url":"http://www.ubuntu.com/usn/USN-2892-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2892-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302589","reference_id":"1302589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806","reference_id":"812806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0747","reference_id":"CVE-2016-0747","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0747"},{"reference_url":"https://security.gentoo.org/glsa/201606-06","reference_id":"GLSA-201606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1425","reference_id":"RHSA-2016:1425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"reference_url":"https://usn.ubuntu.com/2892-1/","reference_id":"USN-2892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2892-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035549?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-0747"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e49f-y1ky-5yb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6?format=json","vulnerability_id":"VCID-eb23-pd25-yqg3","summary":"Buffer overread in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7347","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41622","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4166","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42358","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42348","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42377","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.423","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html"},{"reference_url":"https://nginx.org/download/patch.2024.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2024.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2024.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2024.mp4.txt.asc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971","reference_id":"1078971","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304966","reference_id":"2304966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304966"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7347","reference_id":"CVE-2024-7347","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7347"},{"reference_url":"https://security.gentoo.org/glsa/202409-32","reference_id":"GLSA-202409-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-32"},{"reference_url":"https://my.f5.com/manage/s/article/K000140529","reference_id":"K000140529","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:27:31Z/"}],"url":"https://my.f5.com/manage/s/article/K000140529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3261","reference_id":"RHSA-2025:3261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3262","reference_id":"RHSA-2025:3262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7542","reference_id":"RHSA-2025:7542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7548","reference_id":"RHSA-2025:7548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7549","reference_id":"RHSA-2025:7549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/7014-1/","reference_id":"USN-7014-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-1/"},{"reference_url":"https://usn.ubuntu.com/7014-2/","reference_id":"USN-7014-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-2/"},{"reference_url":"https://usn.ubuntu.com/7014-3/","reference_id":"USN-7014-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2024-7347"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb23-pd25-yqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92255?format=json","vulnerability_id":"VCID-fgaf-wqmd-gqf3","summary":"nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)","references":[{"reference_url":"https://access.redhat.com/security/cve/cve-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/cve-2011-4968"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4968","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60151","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60112","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.59987","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60065","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60089","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6011","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60145","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6013","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80952","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80952"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2011-4968"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/01/03/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/01/03/8"},{"reference_url":"http://www.securityfocus.com/bid/57139","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/57139"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940","reference_id":"697940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4968","reference_id":"CVE-2011-4968","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4968"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2011-4968"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgaf-wqmd-gqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23?format=json","vulnerability_id":"VCID-jtgk-h6v6-2fgs","summary":"Use-after-free during CNAME response processing in resolver","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"},{"reference_url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0746","reference_id":"","reference_type":"","scores":[{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94351","published_at":"2026-04-16T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94296","published_at":"2026-04-01T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94335","published_at":"2026-04-12T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94336","published_at":"2026-04-13T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94305","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94316","published_at":"2026-04-04T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94317","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0746"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa115","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Sep/36","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2021/Sep/36"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"},{"reference_url":"https://support.apple.com/kb/HT212818","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT212818"},{"reference_url":"http://www.debian.org/security/2016/dsa-3473","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3473"},{"reference_url":"http://www.securitytracker.com/id/1034869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034869"},{"reference_url":"http://www.ubuntu.com/usn/USN-2892-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2892-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302588","reference_id":"1302588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302588"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806","reference_id":"812806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0746","reference_id":"CVE-2016-0746","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0746"},{"reference_url":"https://security.gentoo.org/glsa/201606-06","reference_id":"GLSA-201606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1425","reference_id":"RHSA-2016:1425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"reference_url":"https://usn.ubuntu.com/2892-1/","reference_id":"USN-2892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2892-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035549?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-0746"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtgk-h6v6-2fgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48?format=json","vulnerability_id":"VCID-kcsp-h1s5-wbea","summary":"Excessive memory usage in HTTP/2 with zero length headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516","reference_id":"","reference_type":"","scores":[{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8426","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84348","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84319","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84337","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84292","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84314","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864","reference_id":"1741864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516","reference_id":"CVE-2019-9516","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2950","reference_id":"RHSA-2019:2950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9516"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsp-h1s5-wbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44?format=json","vulnerability_id":"VCID-nckn-qkc8-t7ge","summary":"Memory disclosure in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16845","reference_id":"","reference_type":"","scores":[{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90931","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.91006","published_at":"2026-04-16T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90936","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90945","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90956","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90966","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90972","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"},{"reference_url":"https://nginx.org/download/patch.2018.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2018.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2018.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2018.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644508","reference_id":"1644508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644508"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16845","reference_id":"CVE-2018-16845","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3652","reference_id":"RHSA-2018:3652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3653","reference_id":"RHSA-2018:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16845"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nckn-qkc8-t7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59738?format=json","vulnerability_id":"VCID-p933-hxvk-37bk","summary":"Gentoo's NGINX ebuilds are vulnerable to privilege escalation due\n    to the way log files are handled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1247","reference_id":"","reference_type":"","scores":[{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92947","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92986","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92977","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92975","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92976","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92956","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92961","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.9296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92968","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92972","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:C/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390182","reference_id":"1390182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390182"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295","reference_id":"842295","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295"},{"reference_url":"https://security.archlinux.org/ASA-201701-23","reference_id":"ASA-201701-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-23"},{"reference_url":"https://security.archlinux.org/ASA-201701-24","reference_id":"ASA-201701-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-24"},{"reference_url":"https://security.archlinux.org/AVG-138","reference_id":"AVG-138","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-138"},{"reference_url":"https://security.archlinux.org/AVG-139","reference_id":"AVG-139","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-139"},{"reference_url":"http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html","reference_id":"CVE-2016-1247","reference_type":"exploit","scores":[],"url":"http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh","reference_id":"CVE-2016-1247","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh"},{"reference_url":"https://security.gentoo.org/glsa/201701-22","reference_id":"GLSA-201701-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-22"},{"reference_url":"https://usn.ubuntu.com/3114-1/","reference_id":"USN-3114-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3114-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-1247"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p933-hxvk-37bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37?format=json","vulnerability_id":"VCID-qzcz-zvv6-dyda","summary":"Invalid pointer dereference in resolver","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"},{"reference_url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0742","reference_id":"","reference_type":"","scores":[{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99124","published_at":"2026-04-16T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99113","published_at":"2026-04-01T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99117","published_at":"2026-04-04T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.9912","published_at":"2026-04-07T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99121","published_at":"2026-04-08T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99122","published_at":"2026-04-13T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99114","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0742"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa115","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Sep/36","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2021/Sep/36"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"},{"reference_url":"https://support.apple.com/kb/HT212818","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT212818"},{"reference_url":"http://www.debian.org/security/2016/dsa-3473","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3473"},{"reference_url":"http://www.securitytracker.com/id/1034869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034869"},{"reference_url":"http://www.ubuntu.com/usn/USN-2892-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2892-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302587","reference_id":"1302587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806","reference_id":"812806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0742","reference_id":"CVE-2016-0742","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0742"},{"reference_url":"https://security.gentoo.org/glsa/201606-06","reference_id":"GLSA-201606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1425","reference_id":"RHSA-2016:1425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"reference_url":"https://usn.ubuntu.com/2892-1/","reference_id":"USN-2892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2892-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035549?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-0742"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzcz-zvv6-dyda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10?format=json","vulnerability_id":"VCID-rsr7-p977-tycc","summary":"NULL pointer dereference while writing client request body","references":[{"reference_url":"http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4450.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4450.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4450","reference_id":"","reference_type":"","scores":[{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88468","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88405","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88451","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88462","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88414","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88422","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88426","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88445","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"},{"reference_url":"https://nginx.org/download/patch.2016.write2.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2016.write2.txt"},{"reference_url":"https://nginx.org/download/patch.2016.write2.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2016.write2.txt.asc"},{"reference_url":"https://nginx.org/download/patch.2016.write.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2016.write.txt"},{"reference_url":"https://nginx.org/download/patch.2016.write.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2016.write.txt.asc"},{"reference_url":"http://www.debian.org/security/2016/dsa-3592","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3592"},{"reference_url":"http://www.securityfocus.com/bid/90967","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/90967"},{"reference_url":"http://www.securitytracker.com/id/1036019","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036019"},{"reference_url":"http://www.ubuntu.com/usn/USN-2991-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2991-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341462","reference_id":"1341462","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341462"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960","reference_id":"825960","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4450","reference_id":"CVE-2016-4450","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4450"},{"reference_url":"https://security.gentoo.org/glsa/201606-06","reference_id":"GLSA-201606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1425","reference_id":"RHSA-2016:1425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"reference_url":"https://usn.ubuntu.com/2991-1/","reference_id":"USN-2991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-4450"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsr7-p977-tycc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80226?format=json","vulnerability_id":"VCID-u8aq-2qhu-gff5","summary":"ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3618","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69833","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69937","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69902","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.6991","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69845","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.6986","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69837","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69886","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975623","reference_id":"1975623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975623"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328","reference_id":"991328","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329","reference_id":"991329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331","reference_id":"991331","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331"},{"reference_url":"https://security.archlinux.org/AVG-2101","reference_id":"AVG-2101","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2101"},{"reference_url":"https://security.archlinux.org/AVG-2102","reference_id":"AVG-2102","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2102"},{"reference_url":"https://security.archlinux.org/AVG-2103","reference_id":"AVG-2103","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2103"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"},{"reference_url":"https://usn.ubuntu.com/5371-2/","reference_id":"USN-5371-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-2/"},{"reference_url":"https://usn.ubuntu.com/6379-1/","reference_id":"USN-6379-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6379-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2021-3618"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8aq-2qhu-gff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85848?format=json","vulnerability_id":"VCID-uqb5-ensa-8yht","summary":"regression update","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"}],"aliases":["DSA-3701-2 nginx"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uqb5-ensa-8yht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22?format=json","vulnerability_id":"VCID-wc3j-5xmu-kyex","summary":"Memory disclosure in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41742","reference_id":"","reference_type":"","scores":[{"value":"0.00095","scoring_system":"epss","scoring_elements":"0.26344","published_at":"2026-04-16T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26837","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26855","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26912","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26956","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26953","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.27047","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141496","reference_id":"2141496","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141496"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/","reference_id":"BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41742","reference_id":"CVE-2022-41742","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41742"},{"reference_url":"https://www.debian.org/security/2022/dsa-5281","reference_id":"dsa-5281","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://www.debian.org/security/2022/dsa-5281"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/","reference_id":"FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/"},{"reference_url":"https://support.f5.com/csp/article/K28112382","reference_id":"K28112382","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://support.f5.com/csp/article/K28112382"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230120-0005/","reference_id":"ntap-20230120-0005","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230120-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/5722-1/","reference_id":"USN-5722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5722-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/","reference_id":"WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2022-41742"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc3j-5xmu-kyex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94585?format=json","vulnerability_id":"VCID-y3tg-7fge-1yfy","summary":"ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36309","reference_id":"","reference_type":"","scores":[{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.61963","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62034","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62065","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62102","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62111","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.6209","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62134","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787","reference_id":"986787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2020-36309"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3tg-7fge-1yfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83977?format=json","vulnerability_id":"VCID-yu2j-f4q9-bbcx","summary":"nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-20005","reference_id":"","reference_type":"","scores":[{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87134","published_at":"2026-04-16T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87087","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87108","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87128","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87123","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87118","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-20005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005"},{"reference_url":"https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf","reference_id":"0206ebe76f748bb39d9de4dd4b3fce777fdfdccf","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf"},{"reference_url":"https://trac.nginx.org/nginx/ticket/1368","reference_id":"1368","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://trac.nginx.org/nginx/ticket/1368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974192","reference_id":"1974192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974192"},{"reference_url":"https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b","reference_id":"b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b"},{"reference_url":"http://nginx.org/en/CHANGES","reference_id":"CHANGES","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"http://nginx.org/en/CHANGES"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0006/","reference_id":"ntap-20210805-0006","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210805-0006/"},{"reference_url":"https://usn.ubuntu.com/5109-1/","reference_id":"USN-5109-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5109-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2017-20005"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu2j-f4q9-bbcx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40?format=json","vulnerability_id":"VCID-asr7-uwpu-a7a5","summary":"STARTTLS command injection","references":[{"reference_url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=142103967620673&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142103967620673&w=2"},{"reference_url":"http://nginx.org/download/patch.2014.starttls.txt","reference_id":"","reference_type":"","scores":[],"url":"http://nginx.org/download/patch.2014.starttls.txt"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3556.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3556.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3556","reference_id":"","reference_type":"","scores":[{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97735","published_at":"2026-04-16T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97707","published_at":"2026-04-01T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97728","published_at":"2026-04-12T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.9773","published_at":"2026-04-13T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97714","published_at":"2026-04-02T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97715","published_at":"2026-04-04T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97716","published_at":"2026-04-07T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.9772","published_at":"2026-04-08T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97723","published_at":"2026-04-09T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97726","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"},{"reference_url":"https://nginx.org/download/patch.2014.starttls.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2014.starttls.txt"},{"reference_url":"https://nginx.org/download/patch.2014.starttls.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2014.starttls.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126891","reference_id":"1126891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757196","reference_id":"757196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757196"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3556","reference_id":"CVE-2014-3556","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2014-3556"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-asr7-uwpu-a7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3?format=json","vulnerability_id":"VCID-m1y8-m8z6-kyg9","summary":"SPDY heap buffer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0133.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0133","reference_id":"","reference_type":"","scores":[{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95596","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95605","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.9561","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95621","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95624","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95629","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95631","published_at":"2026-04-13T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95639","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html","reference_id":"","reference_type":"","scores":[],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"},{"reference_url":"https://nginx.org/download/patch.2014.spdy2.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2014.spdy2.txt"},{"reference_url":"https://nginx.org/download/patch.2014.spdy2.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2014.spdy2.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077988","reference_id":"1077988","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077988"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742059","reference_id":"742059","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742059"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0133","reference_id":"CVE-2014-0133","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0133"},{"reference_url":"https://security.gentoo.org/glsa/201406-20","reference_id":"GLSA-201406-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2014-0133"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1y8-m8z6-kyg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33?format=json","vulnerability_id":"VCID-pmrf-dxst-p7a7","summary":"Request line parsing vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4547","reference_id":"","reference_type":"","scores":[{"value":"0.90921","scoring_system":"epss","scoring_elements":"0.9963","published_at":"2026-04-04T12:55:00Z"},{"value":"0.90921","scoring_system":"epss","scoring_elements":"0.99629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.90921","scoring_system":"epss","scoring_elements":"0.99632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.90921","scoring_system":"epss","scoring_elements":"0.99633","published_at":"2026-04-16T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"},{"reference_url":"https://nginx.org/download/patch.2013.space.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.space.txt"},{"reference_url":"https://nginx.org/download/patch.2013.space.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.space.txt.asc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012","reference_id":"730012","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4547","reference_id":"CVE-2013-4547","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4547"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38846.txt","reference_id":"CVE-2013-4547;OSVDB-100015","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38846.txt"},{"reference_url":"https://www.securityfocus.com/bid/63814/info","reference_id":"CVE-2013-4547;OSVDB-100015","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/63814/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2013-4547"],"risk_score":7.0,"exploitability":"2.0","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmrf-dxst-p7a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13?format=json","vulnerability_id":"VCID-u25m-v3f6-23dk","summary":"Memory disclosure with specially crafted HTTP backend responses","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html"},{"reference_url":"http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"},{"reference_url":"http://nginx.org/download/patch.2013.proxy.txt","reference_id":"","reference_type":"","scores":[],"url":"http://nginx.org/download/patch.2013.proxy.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2070","reference_id":"","reference_type":"","scores":[{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.8926","published_at":"2026-04-16T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.892","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.8922","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89222","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89245","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=962525","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=962525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070"},{"reference_url":"http://seclists.org/oss-sec/2013/q2/291","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q2/291"},{"reference_url":"http://secunia.com/advisories/55181","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/55181"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201310-04.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-201310-04.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/84172","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/84172"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"},{"reference_url":"https://nginx.org/download/patch.2013.chunked.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.chunked.txt"},{"reference_url":"https://nginx.org/download/patch.2013.chunked.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.chunked.txt.asc"},{"reference_url":"https://nginx.org/download/patch.2013.proxy.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.proxy.txt"},{"reference_url":"https://nginx.org/download/patch.2013.proxy.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.proxy.txt.asc"},{"reference_url":"http://www.debian.org/security/2013/dsa-2721","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2721"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/13/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/05/13/3"},{"reference_url":"http://www.securityfocus.com/bid/59824","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/59824"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164","reference_id":"708164","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2070","reference_id":"CVE-2013-2070","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2070"},{"reference_url":"https://security.gentoo.org/glsa/201310-04","reference_id":"GLSA-201310-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2013-2070"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u25m-v3f6-23dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17?format=json","vulnerability_id":"VCID-x8ck-rceh-ukdw","summary":"SSL session reuse vulnerability","references":[{"reference_url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3616.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3616","reference_id":"","reference_type":"","scores":[{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85182","published_at":"2026-04-16T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.8509","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85165","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85161","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.8512","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85145","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85153","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85167","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"},{"reference_url":"http://www.debian.org/security/2014/dsa-3029","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-3029"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1142573","reference_id":"1142573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1142573"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761940","reference_id":"761940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761940"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3616","reference_id":"CVE-2014-3616","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3616"},{"reference_url":"https://security.gentoo.org/glsa/201502-06","reference_id":"GLSA-201502-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-06"},{"reference_url":"https://usn.ubuntu.com/2351-1/","reference_id":"USN-2351-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2351-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2014-3616"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ck-rceh-ukdw"}],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}