{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","type":"deb","namespace":"debian","name":"nss","version":"2:3.26-1+debu8u3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:3.87.1-1+deb12u2","latest_non_vulnerable_version":"2:3.87.1-1+deb12u2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63103?format=json","vulnerability_id":"VCID-2zrv-q4tb-wqeg","summary":"The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks.\nBoth the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel.\nBy sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key.\nThe issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4421.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4421","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.4514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45171","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45149","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4421"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238677","reference_id":"2238677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238677"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-53","reference_id":"mfsa2023-53","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-53"},{"reference_url":"https://usn.ubuntu.com/6727-1/","reference_id":"USN-6727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2023-4421"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zrv-q4tb-wqeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44219?format=json","vulnerability_id":"VCID-46cy-x3cp-tke5","summary":"Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0743.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0743","reference_id":"","reference_type":"","scores":[{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76033","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.75979","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76039","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76062","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76037","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.7599","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76011","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2260012","reference_id":"2260012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2260012"},{"reference_url":"https://security.gentoo.org/glsa/202402-26","reference_id":"GLSA-202402-26","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-01","reference_id":"mfsa2024-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-01/","reference_id":"mfsa2024-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-13","reference_id":"mfsa2024-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-13/","reference_id":"mfsa2024-13","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-14","reference_id":"mfsa2024-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-14/","reference_id":"mfsa2024-14","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-14/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1483","reference_id":"RHSA-2024:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1484","reference_id":"RHSA-2024:1484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1485","reference_id":"RHSA-2024:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1486","reference_id":"RHSA-2024:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1487","reference_id":"RHSA-2024:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1488","reference_id":"RHSA-2024:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1489","reference_id":"RHSA-2024:1489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1490","reference_id":"RHSA-2024:1490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1491","reference_id":"RHSA-2024:1491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1492","reference_id":"RHSA-2024:1492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1493","reference_id":"RHSA-2024:1493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1494","reference_id":"RHSA-2024:1494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1495","reference_id":"RHSA-2024:1495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1496","reference_id":"RHSA-2024:1496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1497","reference_id":"RHSA-2024:1497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1498","reference_id":"RHSA-2024:1498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1499","reference_id":"RHSA-2024:1499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1500","reference_id":"RHSA-2024:1500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1500"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1867408","reference_id":"show_bug.cgi?id=1867408","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1867408"},{"reference_url":"https://usn.ubuntu.com/6610-1/","reference_id":"USN-6610-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6610-1/"},{"reference_url":"https://usn.ubuntu.com/6717-1/","reference_id":"USN-6717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6717-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994642?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-gret-hn3p-5kbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1"}],"aliases":["CVE-2024-0743"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46cy-x3cp-tke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63130?format=json","vulnerability_id":"VCID-6fvj-phnx-kfgs","summary":"After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17023","reference_id":"","reference_type":"","scores":[{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75599","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75657","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75682","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75601","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75632","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75646","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791225","reference_id":"1791225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791225"},{"reference_url":"https://security.archlinux.org/ASA-202001-1","reference_id":"ASA-202001-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202001-1"},{"reference_url":"https://security.archlinux.org/AVG-1084","reference_id":"AVG-1084","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1084"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01","reference_id":"mfsa2020-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4234-1/","reference_id":"USN-4234-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4234-1/"},{"reference_url":"https://usn.ubuntu.com/4397-1/","reference_id":"USN-4397-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17023"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fvj-phnx-kfgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81704?format=json","vulnerability_id":"VCID-7msj-wyd6-zkbe","summary":"nss: Check length of inputs for cryptographic primitives","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17006","reference_id":"","reference_type":"","scores":[{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86617","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86636","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86654","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86677","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86675","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86668","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1775916","reference_id":"1775916","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1775916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0758","reference_id":"RHSA-2021:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0876","reference_id":"RHSA-2021:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1026","reference_id":"RHSA-2021:1026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1026"},{"reference_url":"https://usn.ubuntu.com/4231-1/","reference_id":"USN-4231-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4231-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17006"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7msj-wyd6-zkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32064?format=json","vulnerability_id":"VCID-8qtg-h4km-bfg2","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11719.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11719","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.6355","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63534","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63517","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63413","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63473","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.635","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728436","reference_id":"1728436","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728436"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://security.gentoo.org/glsa/201908-12","reference_id":"GLSA-201908-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-12"},{"reference_url":"https://security.gentoo.org/glsa/201908-20","reference_id":"GLSA-201908-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22","reference_id":"mfsa2019-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23","reference_id":"mfsa2019-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4054-1/","reference_id":"USN-4054-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4054-1/"},{"reference_url":"https://usn.ubuntu.com/4060-1/","reference_id":"USN-4060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-1/"},{"reference_url":"https://usn.ubuntu.com/4060-2/","reference_id":"USN-4060-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-2/"},{"reference_url":"https://usn.ubuntu.com/4064-1/","reference_id":"USN-4064-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4064-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11719"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qtg-h4km-bfg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33937?format=json","vulnerability_id":"VCID-cgvg-aj53-kkbp","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0767.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0767","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50523","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.505","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50481","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50484","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50485","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170377","reference_id":"2170377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170377"},{"reference_url":"https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html","reference_id":"ALAS-2023-1992.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1252","reference_id":"RHSA-2023:1252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1332","reference_id":"RHSA-2023:1332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1365","reference_id":"RHSA-2023:1365","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1366","reference_id":"RHSA-2023:1366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1368","reference_id":"RHSA-2023:1368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1369","reference_id":"RHSA-2023:1369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1370","reference_id":"RHSA-2023:1370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1406","reference_id":"RHSA-2023:1406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1436","reference_id":"RHSA-2023:1436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1442","reference_id":"RHSA-2023:1442","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1443","reference_id":"RHSA-2023:1443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1444","reference_id":"RHSA-2023:1444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1445","reference_id":"RHSA-2023:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1472","reference_id":"RHSA-2023:1472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1479","reference_id":"RHSA-2023:1479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1677","reference_id":"RHSA-2023:1677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1677"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1804640","reference_id":"show_bug.cgi?id=1804640","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1804640"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5892-1/","reference_id":"USN-5892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5892-1/"},{"reference_url":"https://usn.ubuntu.com/5892-2/","reference_id":"USN-5892-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5892-2/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2023-0767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgvg-aj53-kkbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51558?format=json","vulnerability_id":"VCID-dh3c-g3k3-zkb7","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7805.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7805","reference_id":"","reference_type":"","scores":[{"value":"0.03211","scoring_system":"epss","scoring_elements":"0.8703","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88197","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88191","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88149","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88199","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88171","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7805"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1377618","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1377618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-3987","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3987"},{"reference_url":"https://www.debian.org/security/2017/dsa-3998","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3998"},{"reference_url":"https://www.debian.org/security/2017/dsa-4014","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4014"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-21/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-21/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-22/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-22/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-23/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-23/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/101059","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101059"},{"reference_url":"http://www.securitytracker.com/id/1039465","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1471171","reference_id":"1471171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1471171"},{"reference_url":"https://security.archlinux.org/ASA-201710-19","reference_id":"ASA-201710-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-19"},{"reference_url":"https://security.archlinux.org/AVG-441","reference_id":"AVG-441","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-441"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7805","reference_id":"CVE-2017-7805","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7805"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21","reference_id":"mfsa2017-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22","reference_id":"mfsa2017-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23","reference_id":"mfsa2017-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2832","reference_id":"RHSA-2017:2832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2832"},{"reference_url":"https://usn.ubuntu.com/3431-1/","reference_id":"USN-3431-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3431-1/"},{"reference_url":"https://usn.ubuntu.com/3435-1/","reference_id":"USN-3435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3435-1/"},{"reference_url":"https://usn.ubuntu.com/3436-1/","reference_id":"USN-3436-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3436-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2017-7805"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh3c-g3k3-zkb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56751?format=json","vulnerability_id":"VCID-ekxy-vaed-u7cg","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird the worst of which could lead to the execution of arbitrary\n    code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9074.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9074.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9074","reference_id":"","reference_type":"","scores":[{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79091","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79074","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79083","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.7909","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79115","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79101","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79041","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01221","scoring_system":"epss","scoring_elements":"0.79047","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9074"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1293334"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9064"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2016/dsa-3730","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2016/dsa-3730"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-89/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-89/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-90/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-90/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2016-93/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2016-93/"},{"reference_url":"http://www.securityfocus.com/bid/94341","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/94341"},{"reference_url":"http://www.securitytracker.com/id/1037298","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1037298"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396548","reference_id":"1396548","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1396548"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9074","reference_id":"CVE-2016-9074","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9074"},{"reference_url":"https://security.gentoo.org/glsa/201701-15","reference_id":"GLSA-201701-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-15"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"},{"reference_url":"https://usn.ubuntu.com/3163-1/","reference_id":"USN-3163-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3163-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2016-9074"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ekxy-vaed-u7cg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62052?format=json","vulnerability_id":"VCID-ewe9-39b1-kba2","summary":"A vulnerability in NSS might allow remote attackers to cause a\n    Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25648.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25648","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27152","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27192","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27229","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27022","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27091","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27137","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27141","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27097","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2704","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25648"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1887319","reference_id":"1887319","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1887319"},{"reference_url":"https://security.gentoo.org/glsa/202012-21","reference_id":"GLSA-202012-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1384","reference_id":"RHSA-2021:1384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3572","reference_id":"RHSA-2021:3572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3572"},{"reference_url":"https://usn.ubuntu.com/5410-1/","reference_id":"USN-5410-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5410-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-25648"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewe9-39b1-kba2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60444?format=json","vulnerability_id":"VCID-fgv4-bz59-h7g7","summary":"Multiple vulnerabilities have been found in Mozilla Network\n    Security Service (NSS), the worst of which may lead to arbitrary code\n    execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18508.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18508.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18508","reference_id":"","reference_type":"","scores":[{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68142","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68165","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68183","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68161","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.6824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68206","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671310","reference_id":"1671310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671310"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921614","reference_id":"921614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921614"},{"reference_url":"https://security.gentoo.org/glsa/202003-37","reference_id":"GLSA-202003-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://usn.ubuntu.com/3898-1/","reference_id":"USN-3898-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3898-1/"},{"reference_url":"https://usn.ubuntu.com/3898-2/","reference_id":"USN-3898-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3898-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2018-18508"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgv4-bz59-h7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49729?format=json","vulnerability_id":"VCID-gfj6-dsud-g3fh","summary":"Multiple vulnerabilities have been found in NSS, the worst of which\n    may allow execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5462.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5462","reference_id":"","reference_type":"","scores":[{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77748","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77739","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77706","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77696","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5462"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1345089","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2017/dsa-3831","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3831"},{"reference_url":"https://www.debian.org/security/2017/dsa-3872","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3872"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-10/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-10/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-11/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-11/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-12/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-12/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-13/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-13/"},{"reference_url":"http://www.securityfocus.com/bid/97940","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97940"},{"reference_url":"http://www.securitytracker.com/id/1038320","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038320"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443348","reference_id":"1443348","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443348"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958","reference_id":"862958","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5462","reference_id":"CVE-2017-5462","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5462"},{"reference_url":"https://security.gentoo.org/glsa/201705-04","reference_id":"GLSA-201705-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-04"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"},{"reference_url":"https://usn.ubuntu.com/3260-1/","reference_id":"USN-3260-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3260-1/"},{"reference_url":"https://usn.ubuntu.com/3278-1/","reference_id":"USN-3278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-5462"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfj6-dsud-g3fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32066?format=json","vulnerability_id":"VCID-hs5f-21nx-gfeb","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11729.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11729","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67967","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67949","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68001","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67907","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6793","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728437","reference_id":"1728437","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728437"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://security.gentoo.org/glsa/201908-12","reference_id":"GLSA-201908-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-12"},{"reference_url":"https://security.gentoo.org/glsa/201908-20","reference_id":"GLSA-201908-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22","reference_id":"mfsa2019-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23","reference_id":"mfsa2019-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4190","reference_id":"RHSA-2019:4190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4190"},{"reference_url":"https://usn.ubuntu.com/4054-1/","reference_id":"USN-4054-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4054-1/"},{"reference_url":"https://usn.ubuntu.com/4060-1/","reference_id":"USN-4060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-1/"},{"reference_url":"https://usn.ubuntu.com/4060-2/","reference_id":"USN-4060-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-2/"},{"reference_url":"https://usn.ubuntu.com/4064-1/","reference_id":"USN-4064-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4064-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11729"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5f-21nx-gfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56913?format=json","vulnerability_id":"VCID-jrsz-ynp7-wbb2","summary":"Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43527","reference_id":"","reference_type":"","scores":[{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89954","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89976","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89984","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.9008","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.90065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.90068","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024370","reference_id":"2024370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024370"},{"reference_url":"https://security.archlinux.org/ASA-202112-3","reference_id":"ASA-202112-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-3"},{"reference_url":"https://security.archlinux.org/ASA-202112-4","reference_id":"ASA-202112-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-4"},{"reference_url":"https://security.archlinux.org/AVG-2596","reference_id":"AVG-2596","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2596"},{"reference_url":"https://security.archlinux.org/AVG-2597","reference_id":"AVG-2597","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2597"},{"reference_url":"https://security.gentoo.org/glsa/202212-05","reference_id":"GLSA-202212-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51","reference_id":"mfsa2021-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4903","reference_id":"RHSA-2021:4903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4904","reference_id":"RHSA-2021:4904","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4907","reference_id":"RHSA-2021:4907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4909","reference_id":"RHSA-2021:4909","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4919","reference_id":"RHSA-2021:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4932","reference_id":"RHSA-2021:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4933","reference_id":"RHSA-2021:4933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4946","reference_id":"RHSA-2021:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4953","reference_id":"RHSA-2021:4953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4954","reference_id":"RHSA-2021:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4969","reference_id":"RHSA-2021:4969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4994","reference_id":"RHSA-2021:4994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5006","reference_id":"RHSA-2021:5006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5035","reference_id":"RHSA-2021:5035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5035"},{"reference_url":"https://usn.ubuntu.com/5168-1/","reference_id":"USN-5168-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-1/"},{"reference_url":"https://usn.ubuntu.com/5168-2/","reference_id":"USN-5168-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-2/"},{"reference_url":"https://usn.ubuntu.com/5168-3/","reference_id":"USN-5168-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-3/"},{"reference_url":"https://usn.ubuntu.com/5168-4/","reference_id":"USN-5168-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2021-43527"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrsz-ynp7-wbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83179?format=json","vulnerability_id":"VCID-jvrr-2gej-bfby","summary":"nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12384.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12384","reference_id":"","reference_type":"","scores":[{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70029","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70041","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70056","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70034","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70097","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.7012","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70093","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622089","reference_id":"1622089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622089"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332","reference_id":"908332","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2768","reference_id":"RHSA-2018:2768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2898","reference_id":"RHSA-2018:2898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2898"},{"reference_url":"https://usn.ubuntu.com/3850-1/","reference_id":"USN-3850-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3850-1/"},{"reference_url":"https://usn.ubuntu.com/3850-2/","reference_id":"USN-3850-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3850-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2018-12384"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvrr-2gej-bfby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61777?format=json","vulnerability_id":"VCID-k2s2-zkua-8ydy","summary":"NSS has an information disclosure vulnerability when handling DSA\n    keys.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12399","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26718","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26794","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26854","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26895","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826177","reference_id":"1826177","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826177"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752","reference_id":"961752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752"},{"reference_url":"https://security.archlinux.org/ASA-202006-1","reference_id":"ASA-202006-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-1"},{"reference_url":"https://security.archlinux.org/ASA-202006-4","reference_id":"ASA-202006-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-4"},{"reference_url":"https://security.archlinux.org/AVG-1173","reference_id":"AVG-1173","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1173"},{"reference_url":"https://security.archlinux.org/AVG-1179","reference_id":"AVG-1179","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1179"},{"reference_url":"https://security.gentoo.org/glsa/202007-49","reference_id":"GLSA-202007-49","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20","reference_id":"mfsa2020-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21","reference_id":"mfsa2020-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22","reference_id":"mfsa2020-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://usn.ubuntu.com/4383-1/","reference_id":"USN-4383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4383-1/"},{"reference_url":"https://usn.ubuntu.com/4397-1/","reference_id":"USN-4397-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-1/"},{"reference_url":"https://usn.ubuntu.com/4397-2/","reference_id":"USN-4397-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-2/"},{"reference_url":"https://usn.ubuntu.com/4421-1/","reference_id":"USN-4421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12399"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2s2-zkua-8ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39135?format=json","vulnerability_id":"VCID-k4a4-f1as-x3bj","summary":"NSS has multiple information disclosure vulnerabilities when\n    handling secret key material.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12400.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12400.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12400","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35115","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34934","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35085","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35111","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1853983","reference_id":"1853983","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1853983"},{"reference_url":"https://security.gentoo.org/glsa/202008-08","reference_id":"GLSA-202008-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0538","reference_id":"RHSA-2021:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4455-1/","reference_id":"USN-4455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4455-1/"},{"reference_url":"https://usn.ubuntu.com/4474-1/","reference_id":"USN-4474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12400"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4a4-f1as-x3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49728?format=json","vulnerability_id":"VCID-kxvg-qw8v-vydv","summary":"Multiple vulnerabilities have been found in NSS, the worst of which\n    may allow execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5461.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5461","reference_id":"","reference_type":"","scores":[{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76015","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76021","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76044","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75956","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75992","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76004","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75971","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76019","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5461"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1344380","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"http://www.debian.org/security/2017/dsa-3831","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3831"},{"reference_url":"http://www.debian.org/security/2017/dsa-3872","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3872"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/98050","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98050"},{"reference_url":"http://www.securitytracker.com/id/1038320","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038320"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1440080","reference_id":"1440080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1440080"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958","reference_id":"862958","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958"},{"reference_url":"https://security.archlinux.org/ASA-201704-4","reference_id":"ASA-201704-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-4"},{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/ASA-201705-21","reference_id":"ASA-201705-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-21"},{"reference_url":"https://security.archlinux.org/AVG-247","reference_id":"AVG-247","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-247"},{"reference_url":"https://security.archlinux.org/AVG-248","reference_id":"AVG-248","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-248"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5461","reference_id":"CVE-2017-5461","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5461"},{"reference_url":"https://security.gentoo.org/glsa/201705-04","reference_id":"GLSA-201705-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-04"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1100","reference_id":"RHSA-2017:1100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1101","reference_id":"RHSA-2017:1101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1102","reference_id":"RHSA-2017:1102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1103","reference_id":"RHSA-2017:1103","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1103"},{"reference_url":"https://usn.ubuntu.com/3260-1/","reference_id":"USN-3260-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3260-1/"},{"reference_url":"https://usn.ubuntu.com/3270-1/","reference_id":"USN-3270-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3270-1/"},{"reference_url":"https://usn.ubuntu.com/3278-1/","reference_id":"USN-3278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3278-1/"},{"reference_url":"https://usn.ubuntu.com/3372-1/","reference_id":"USN-3372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-5461"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxvg-qw8v-vydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63133?format=json","vulnerability_id":"VCID-mx8t-s47w-wud5","summary":"When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6829.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6829","reference_id":"","reference_type":"","scores":[{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69005","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69049","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69034","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.6894","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68958","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68978","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68957","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69007","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69027","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826187","reference_id":"1826187","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826187"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0538","reference_id":"RHSA-2021:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4455-1/","reference_id":"USN-4455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4455-1/"},{"reference_url":"https://usn.ubuntu.com/4474-1/","reference_id":"USN-4474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-6829"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mx8t-s47w-wud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57336?format=json","vulnerability_id":"VCID-paez-g9wh-mfeq","summary":"Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6609","reference_id":"","reference_type":"","scores":[{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68664","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68707","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68614","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.6862","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68665","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6609"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6609","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6609"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-29/","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-32/","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-32/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839258","reference_id":"show_bug.cgi?id=1839258","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839258"},{"reference_url":"https://usn.ubuntu.com/6890-1/","reference_id":"USN-6890-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6890-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994642?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-gret-hn3p-5kbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1"}],"aliases":["CVE-2024-6609"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-paez-g9wh-mfeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39137?format=json","vulnerability_id":"VCID-rk7t-zjzg-eqar","summary":"NSS has multiple information disclosure vulnerabilities when\n    handling secret key material.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12401.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12401","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40566","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40604","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40585","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40514","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40595","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40622","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40544","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851294","reference_id":"1851294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851294"},{"reference_url":"https://security.gentoo.org/glsa/202008-08","reference_id":"GLSA-202008-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0538","reference_id":"RHSA-2021:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4455-1/","reference_id":"USN-4455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4455-1/"},{"reference_url":"https://usn.ubuntu.com/4474-1/","reference_id":"USN-4474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12401"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rk7t-zjzg-eqar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39140?format=json","vulnerability_id":"VCID-szzk-wxm2-cfgj","summary":"NSS has multiple information disclosure vulnerabilities when\n    handling secret key material.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12403.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12403","reference_id":"","reference_type":"","scores":[{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70331","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70344","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70385","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.704","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70424","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70408","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70394","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12403"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868931","reference_id":"1868931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868931"},{"reference_url":"https://security.gentoo.org/glsa/202008-08","reference_id":"GLSA-202008-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0538","reference_id":"RHSA-2021:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0758","reference_id":"RHSA-2021:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0876","reference_id":"RHSA-2021:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1026","reference_id":"RHSA-2021:1026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1026"},{"reference_url":"https://usn.ubuntu.com/4476-1/","reference_id":"USN-4476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12403"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szzk-wxm2-cfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84279?format=json","vulnerability_id":"VCID-t89f-eksr-juen","summary":"nss: Null pointer dereference when handling empty SSLv2 messages","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7502.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7502","reference_id":"","reference_type":"","scores":[{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.8394","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.83972","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.83954","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.8397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.83995","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02098","scoring_system":"epss","scoring_elements":"0.84048","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446631","reference_id":"1446631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446631"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863839","reference_id":"863839","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1364","reference_id":"RHSA-2017:1364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1365","reference_id":"RHSA-2017:1365","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1567","reference_id":"RHSA-2017:1567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1567"},{"reference_url":"https://usn.ubuntu.com/3336-1/","reference_id":"USN-3336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3336-1/"},{"reference_url":"https://usn.ubuntu.com/3372-1/","reference_id":"USN-3372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-7502"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t89f-eksr-juen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33641?format=json","vulnerability_id":"VCID-vjas-pry4-93cz","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12402","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28086","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28102","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28174","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28218","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28079","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826231","reference_id":"1826231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826231"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152","reference_id":"963152","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152"},{"reference_url":"https://security.gentoo.org/glsa/202007-10","reference_id":"GLSA-202007-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24","reference_id":"mfsa2020-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29","reference_id":"mfsa2020-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4417-1/","reference_id":"USN-4417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4417-1/"},{"reference_url":"https://usn.ubuntu.com/4417-2/","reference_id":"USN-4417-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4417-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12402"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjas-pry4-93cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62742?format=json","vulnerability_id":"VCID-vszp-vyxy-f7g7","summary":"Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2781","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292","reference_id":"2442292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009552","reference_id":"show_bug.cgi?id=2009552","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009552"},{"reference_url":"https://usn.ubuntu.com/8071-1/","reference_id":"USN-8071-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8071-1/"},{"reference_url":"https://usn.ubuntu.com/8071-2/","reference_id":"USN-8071-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8071-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994642?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-gret-hn3p-5kbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1"}],"aliases":["CVE-2026-2781"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vszp-vyxy-f7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31920?format=json","vulnerability_id":"VCID-vzb9-aeqz-hybr","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11745","reference_id":"","reference_type":"","scores":[{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74133","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74105","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74137","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74152","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74174","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74155","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74101","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74107","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1774831","reference_id":"1774831","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1774831"},{"reference_url":"https://security.archlinux.org/ASA-201912-1","reference_id":"ASA-201912-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-1"},{"reference_url":"https://security.archlinux.org/ASA-201912-2","reference_id":"ASA-201912-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-2"},{"reference_url":"https://security.archlinux.org/AVG-1071","reference_id":"AVG-1071","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1071"},{"reference_url":"https://security.archlinux.org/AVG-1072","reference_id":"AVG-1072","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1072"},{"reference_url":"https://security.gentoo.org/glsa/202003-02","reference_id":"GLSA-202003-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-02"},{"reference_url":"https://security.gentoo.org/glsa/202003-10","reference_id":"GLSA-202003-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-10"},{"reference_url":"https://security.gentoo.org/glsa/202003-37","reference_id":"GLSA-202003-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36","reference_id":"mfsa2019-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37","reference_id":"mfsa2019-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38","reference_id":"mfsa2019-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4114","reference_id":"RHSA-2019:4114","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4114"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4152","reference_id":"RHSA-2019:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4190","reference_id":"RHSA-2019:4190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0243","reference_id":"RHSA-2020:0243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0466","reference_id":"RHSA-2020:0466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1267","reference_id":"RHSA-2020:1267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1345","reference_id":"RHSA-2020:1345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1461","reference_id":"RHSA-2020:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1461"},{"reference_url":"https://usn.ubuntu.com/4203-1/","reference_id":"USN-4203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4203-1/"},{"reference_url":"https://usn.ubuntu.com/4203-2/","reference_id":"USN-4203-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4203-2/"},{"reference_url":"https://usn.ubuntu.com/4216-1/","reference_id":"USN-4216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4216-1/"},{"reference_url":"https://usn.ubuntu.com/4216-2/","reference_id":"USN-4216-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4216-2/"},{"reference_url":"https://usn.ubuntu.com/4241-1/","reference_id":"USN-4241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4241-1/"},{"reference_url":"https://usn.ubuntu.com/4335-1/","reference_id":"USN-4335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11745"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzb9-aeqz-hybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36103?format=json","vulnerability_id":"VCID-w794-gqex-83du","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6602.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6602","reference_id":"","reference_type":"","scores":[{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.7349","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73497","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73493","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.7348","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73443","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73517","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2296637","reference_id":"2296637","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2296637"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-29/","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-30","reference_id":"mfsa2024-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-30/","reference_id":"mfsa2024-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31","reference_id":"mfsa2024-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-31/","reference_id":"mfsa2024-31","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-32/","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-32/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4625","reference_id":"RHSA-2024:4625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4670","reference_id":"RHSA-2024:4670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4671","reference_id":"RHSA-2024:4671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4717","reference_id":"RHSA-2024:4717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4718","reference_id":"RHSA-2024:4718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4718"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4894","reference_id":"RHSA-2024:4894","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4894"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1895032","reference_id":"show_bug.cgi?id=1895032","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1895032"},{"reference_url":"https://usn.ubuntu.com/6890-1/","reference_id":"USN-6890-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6890-1/"},{"reference_url":"https://usn.ubuntu.com/6903-1/","reference_id":"USN-6903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994642?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-gret-hn3p-5kbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1"}],"aliases":["CVE-2024-6602"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w794-gqex-83du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36427?format=json","vulnerability_id":"VCID-wavp-f4kn-j3cm","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11727.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11727","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48101","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48124","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48045","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48082","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48103","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730988","reference_id":"1730988","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730988"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://security.gentoo.org/glsa/201908-12","reference_id":"GLSA-201908-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4054-1/","reference_id":"USN-4054-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4054-1/"},{"reference_url":"https://usn.ubuntu.com/4060-1/","reference_id":"USN-4060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11727"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wavp-f4kn-j3cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82699?format=json","vulnerability_id":"VCID-x1ty-wqph-gkak","summary":"nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17007","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53893","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.5391","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53938","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53913","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53965","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54011","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53994","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53976","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703979","reference_id":"1703979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2237","reference_id":"RHSA-2019:2237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0876","reference_id":"RHSA-2021:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0876"},{"reference_url":"https://usn.ubuntu.com/4215-1/","reference_id":"USN-4215-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4215-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17007"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ty-wqph-gkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31168?format=json","vulnerability_id":"VCID-y43f-tmvr-hqas","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22747","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32419","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32406","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32454","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039572","reference_id":"2039572","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039572"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735028","reference_id":"show_bug.cgi?id=1735028","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735028"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"},{"reference_url":"https://usn.ubuntu.com/5506-1/","reference_id":"USN-5506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5506-1/"},{"reference_url":"https://usn.ubuntu.com/5872-1/","reference_id":"USN-5872-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5872-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2022-22747"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y43f-tmvr-hqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82973?format=json","vulnerability_id":"VCID-ykkw-a6a1-43fe","summary":"nss: Cache side-channel variant of the Bleichenbacher attack","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12404.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12404","reference_id":"","reference_type":"","scores":[{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94413","published_at":"2026-04-01T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.9442","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.9443","published_at":"2026-04-04T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94446","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94449","published_at":"2026-04-11T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94451","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1657913","reference_id":"1657913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1657913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2237","reference_id":"RHSA-2019:2237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2237"},{"reference_url":"https://usn.ubuntu.com/3850-1/","reference_id":"USN-3850-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3850-1/"},{"reference_url":"https://usn.ubuntu.com/3850-2/","reference_id":"USN-3850-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3850-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2018-12404"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkw-a6a1-43fe"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63472?format=json","vulnerability_id":"VCID-2w58-mdmk-guh8","summary":"Mozilla has updated the version of Network Security Services\n(NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated\nnetworking security issues reported by Mozilla engineers Tyson Smith and\nJed Davis.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00014.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00055.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-2779.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-2779.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2834.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-2834.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2834","reference_id":"","reference_type":"","scores":[{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60642","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60515","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60638","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60653","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60678","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.6059","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60619","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00399","scoring_system":"epss","scoring_elements":"0.60589","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-2834"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1206283","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1206283"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1221620","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1221620"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1241034","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1241034"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1241037","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1241037"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.23_release_notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"http://www.debian.org/security/2016/dsa-3688","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3688"},{"reference_url":"http://www.mozilla.org/security/announce/2016/mfsa2016-61.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2016/mfsa2016-61.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/91072","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91072"},{"reference_url":"http://www.securitytracker.com/id/1036057","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036057"},{"reference_url":"http://www.ubuntu.com/usn/USN-2993-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2993-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-3029-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-3029-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347908","reference_id":"1347908","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1347908"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*","reference_id":"cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:novell:suse_linux_enterprise_software_development_kit:12.0:sp1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_desktop:12.0:sp1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*","reference_id":"cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:suse_linux_enterprise_server:12.0:sp1:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834","reference_id":"CVE-2016-2834","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2834","reference_id":"CVE-2016-2834","reference_type":"","scores":[{"value":"9.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:C/I:C/A:C"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2834"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-61","reference_id":"mfsa2016-61","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-61"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2779","reference_id":"RHSA-2016:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2779"},{"reference_url":"https://usn.ubuntu.com/2993-1/","reference_id":"USN-2993-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2993-1/"},{"reference_url":"https://usn.ubuntu.com/3029-1/","reference_id":"USN-3029-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3029-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-2834"],"risk_score":4.2,"exploitability":"0.5","weighted_severity":"8.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2w58-mdmk-guh8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41223?format=json","vulnerability_id":"VCID-2w9f-avet-g7c5","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird, the worst of which may allow user-assisted execution of\n    arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"},{"reference_url":"http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1980.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1980.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1981.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1981.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7181.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7181.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7181","reference_id":"","reference_type":"","scores":[{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89731","published_at":"2026-04-13T12:55:00Z"},{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.8974","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89738","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89692","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89706","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89709","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89726","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05021","scoring_system":"epss","scoring_elements":"0.89733","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7181"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa119","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa119"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1192028","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1192028"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"},{"reference_url":"http://www.debian.org/security/2015/dsa-3393","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3393"},{"reference_url":"http://www.debian.org/security/2015/dsa-3410","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3410"},{"reference_url":"http://www.debian.org/security/2016/dsa-3688","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3688"},{"reference_url":"http://www.mozilla.org/security/announce/2015/mfsa2015-133.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"http://www.securityfocus.com/bid/77416","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77416"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securitytracker.com/id/1034069","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034069"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753","reference_id":"","reference_type":"","scores":[],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"},{"reference_url":"http://www.ubuntu.com/usn/USN-2785-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2785-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2791-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2791-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2819-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2819-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269345","reference_id":"1269345","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269345"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7181","reference_id":"CVE-2015-7181","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7181"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"},{"reference_url":"https://usn.ubuntu.com/2785-1/","reference_id":"USN-2785-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2785-1/"},{"reference_url":"https://usn.ubuntu.com/2791-1/","reference_id":"USN-2791-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2791-1/"},{"reference_url":"https://usn.ubuntu.com/2819-1/","reference_id":"USN-2819-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2819-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-7181"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2w9f-avet-g7c5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51735?format=json","vulnerability_id":"VCID-5wqt-2dtu-8qa4","summary":"Multiple vulnerabilities have been found in Firefox, Thunderbird,\n    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with\n    the worst of which may allow remote execution of arbitrary code.","references":[{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00001.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00002.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2016/Mar/msg00004.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00016.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0495.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0495.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1950.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1950","reference_id":"","reference_type":"","scores":[{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.8308","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83014","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83067","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83074","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.8309","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83084","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83031","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83044","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01867","scoring_system":"epss","scoring_elements":"0.83042","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1950"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa119","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa119"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1245528","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1245528"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1952"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1954"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1957"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1958"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1960"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1961"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1962"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1964"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1965"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1966"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1974"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1977"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2794"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2795"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2796"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2797"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2798"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2799"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2801"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2802"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.3_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://support.apple.com/HT206166","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206166"},{"reference_url":"https://support.apple.com/HT206167","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206167"},{"reference_url":"https://support.apple.com/HT206168","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206168"},{"reference_url":"https://support.apple.com/HT206169","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/HT206169"},{"reference_url":"http://www.debian.org/security/2016/dsa-3510","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3510"},{"reference_url":"http://www.debian.org/security/2016/dsa-3520","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3520"},{"reference_url":"http://www.debian.org/security/2016/dsa-3688","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3688"},{"reference_url":"http://www.mozilla.org/security/announce/2016/mfsa2016-35.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2016/mfsa2016-35.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"http://www.securityfocus.com/bid/84223","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/84223"},{"reference_url":"http://www.securitytracker.com/id/1035215","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035215"},{"reference_url":"http://www.ubuntu.com/usn/USN-2917-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2917-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2917-2","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2917-2"},{"reference_url":"http://www.ubuntu.com/usn/USN-2917-3","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2917-3"},{"reference_url":"http://www.ubuntu.com/usn/USN-2924-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2924-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2934-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2934-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310509","reference_id":"1310509","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310509"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.6.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.19.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.21:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:linux:7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:oracle:vm_server:3.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1950","reference_id":"CVE-2016-1950","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1950"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35","reference_id":"mfsa2016-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0370","reference_id":"RHSA-2016:0370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0371","reference_id":"RHSA-2016:0371","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0371"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0495","reference_id":"RHSA-2016:0495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0495"},{"reference_url":"https://usn.ubuntu.com/2917-1/","reference_id":"USN-2917-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2917-1/"},{"reference_url":"https://usn.ubuntu.com/2924-1/","reference_id":"USN-2924-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2924-1/"},{"reference_url":"https://usn.ubuntu.com/2934-1/","reference_id":"USN-2934-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2934-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1950"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5wqt-2dtu-8qa4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51723?format=json","vulnerability_id":"VCID-9mux-fuyc-a7dx","summary":"Multiple vulnerabilities have been found in Firefox, Thunderbird,\n    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with\n    the worst of which may allow remote execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00010.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1938.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1938.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1938","reference_id":"","reference_type":"","scores":[{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77513","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77455","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77506","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77532","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77516","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77461","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77486","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77467","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01048","scoring_system":"epss","scoring_elements":"0.77497","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1938"},{"reference_url":"https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html","reference_id":"","reference_type":"","scores":[],"url":"https://blog.fuzzing-project.org/37-Mozilla-NSS-Wrong-calculation-results-in-mp_div-and-mp_exptmod.html"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1190248","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1190248"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1194947","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1194947"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"},{"reference_url":"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_div.c"},{"reference_url":"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/hannob/bignum-fuzz/blob/master/CVE-2016-1938-nss-mp_exptmod.c"},{"reference_url":"https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c","reference_id":"","reference_type":"","scores":[],"url":"https://hg.mozilla.org/projects/nss/diff/a555bf0fc23a/lib/freebl/mpi/mpi.c"},{"reference_url":"http://www.debian.org/security/2016/dsa-3688","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3688"},{"reference_url":"http://www.mozilla.org/security/announce/2016/mfsa2016-07.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2016/mfsa2016-07.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.securityfocus.com/bid/81955","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/81955"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securitytracker.com/id/1034825","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034825"},{"reference_url":"http://www.ubuntu.com/usn/USN-2880-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2880-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2880-2","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2880-2"},{"reference_url":"http://www.ubuntu.com/usn/USN-2903-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2903-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2903-2","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2903-2"},{"reference_url":"http://www.ubuntu.com/usn/USN-2973-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2973-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1305159","reference_id":"1305159","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1305159"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:nss:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938","reference_id":"CVE-2016-1938","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1938","reference_id":"CVE-2016-1938","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:N"},{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1938"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-07","reference_id":"mfsa2016-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-07"},{"reference_url":"https://usn.ubuntu.com/2880-1/","reference_id":"USN-2880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2880-1/"},{"reference_url":"https://usn.ubuntu.com/2903-1/","reference_id":"USN-2903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2903-1/"},{"reference_url":"https://usn.ubuntu.com/2973-1/","reference_id":"USN-2973-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2973-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1938"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9mux-fuyc-a7dx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51558?format=json","vulnerability_id":"VCID-dh3c-g3k3-zkb7","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7805.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7805","reference_id":"","reference_type":"","scores":[{"value":"0.03211","scoring_system":"epss","scoring_elements":"0.8703","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88197","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88191","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88149","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88199","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88171","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7805"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1377618","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1377618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-3987","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3987"},{"reference_url":"https://www.debian.org/security/2017/dsa-3998","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3998"},{"reference_url":"https://www.debian.org/security/2017/dsa-4014","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4014"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-21/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-21/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-22/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-22/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-23/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-23/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/101059","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101059"},{"reference_url":"http://www.securitytracker.com/id/1039465","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1471171","reference_id":"1471171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1471171"},{"reference_url":"https://security.archlinux.org/ASA-201710-19","reference_id":"ASA-201710-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-19"},{"reference_url":"https://security.archlinux.org/AVG-441","reference_id":"AVG-441","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-441"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7805","reference_id":"CVE-2017-7805","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7805"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21","reference_id":"mfsa2017-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22","reference_id":"mfsa2017-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23","reference_id":"mfsa2017-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2832","reference_id":"RHSA-2017:2832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2832"},{"reference_url":"https://usn.ubuntu.com/3431-1/","reference_id":"USN-3431-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3431-1/"},{"reference_url":"https://usn.ubuntu.com/3435-1/","reference_id":"USN-3435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3435-1/"},{"reference_url":"https://usn.ubuntu.com/3436-1/","reference_id":"USN-3436-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3436-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2017-7805"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh3c-g3k3-zkb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51785?format=json","vulnerability_id":"VCID-dk4z-1j37-aucx","summary":"Multiple vulnerabilities have been found in Firefox, Thunderbird,\n    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with\n    the worst of which may allow remote execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00031.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0591.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0591.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0684.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0684.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0685.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0685.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1979.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1979.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1979","reference_id":"","reference_type":"","scores":[{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72159","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72113","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72165","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72188","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72172","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72119","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72139","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72117","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00707","scoring_system":"epss","scoring_elements":"0.72153","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1979"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa124","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa124"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1185033","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1185033"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2807"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.1_release_notes"},{"reference_url":"http://www.debian.org/security/2016/dsa-3576","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3576"},{"reference_url":"http://www.debian.org/security/2016/dsa-3688","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3688"},{"reference_url":"http://www.mozilla.org/security/announce/2016/mfsa2016-36.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2016/mfsa2016-36.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"http://www.securityfocus.com/bid/84221","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/84221"},{"reference_url":"http://www.securitytracker.com/id/1035215","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035215"},{"reference_url":"http://www.ubuntu.com/usn/USN-2973-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2973-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315202","reference_id":"1315202","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315202"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979","reference_id":"CVE-2016-1979","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1979","reference_id":"CVE-2016-1979","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"},{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1979"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36","reference_id":"mfsa2016-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0591","reference_id":"RHSA-2016:0591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0684","reference_id":"RHSA-2016:0684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0685","reference_id":"RHSA-2016:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0685"},{"reference_url":"https://usn.ubuntu.com/2973-1/","reference_id":"USN-2973-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2973-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1979"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dk4z-1j37-aucx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49729?format=json","vulnerability_id":"VCID-gfj6-dsud-g3fh","summary":"Multiple vulnerabilities have been found in NSS, the worst of which\n    may allow execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5462.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5462.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5462","reference_id":"","reference_type":"","scores":[{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77748","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77749","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77765","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77689","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77739","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77734","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77706","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77723","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01072","scoring_system":"epss","scoring_elements":"0.77696","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5462"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1345089","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1345089"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.debian.org/security/2017/dsa-3831","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3831"},{"reference_url":"https://www.debian.org/security/2017/dsa-3872","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3872"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-10/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-10/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-11/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-11/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-12/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-12/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-13/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-13/"},{"reference_url":"http://www.securityfocus.com/bid/97940","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/97940"},{"reference_url":"http://www.securitytracker.com/id/1038320","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038320"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443348","reference_id":"1443348","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1443348"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958","reference_id":"862958","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5462","reference_id":"CVE-2017-5462","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5462"},{"reference_url":"https://security.gentoo.org/glsa/201705-04","reference_id":"GLSA-201705-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-04"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"},{"reference_url":"https://usn.ubuntu.com/3260-1/","reference_id":"USN-3260-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3260-1/"},{"reference_url":"https://usn.ubuntu.com/3278-1/","reference_id":"USN-3278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3278-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-5462"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gfj6-dsud-g3fh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84735?format=json","vulnerability_id":"VCID-hs79-pemh-vfd6","summary":"nss: Remote DoS during session handshake when using SessionTicket extention and ECDHE-ECDSA","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9574.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9574.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9574","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40051","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40168","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40212","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40224","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40187","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.402","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40225","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40147","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40201","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9574"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1320695","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1320695"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404568","reference_id":"1404568","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404568"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9574","reference_id":"CVE-2016-9574","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-9574"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-9574"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs79-pemh-vfd6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41122?format=json","vulnerability_id":"VCID-jmhk-12t1-kugh","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird, the worst of which may allow user-assisted execution of\n    arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2730.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2730.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2730","reference_id":"","reference_type":"","scores":[{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45533","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.4544","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45514","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45536","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45482","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45537","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45538","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45558","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00228","scoring_system":"epss","scoring_elements":"0.45527","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236954","reference_id":"1236954","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236954"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64","reference_id":"mfsa2015-64","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1664","reference_id":"RHSA-2015:1664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1664"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1699","reference_id":"RHSA-2015:1699","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1699"},{"reference_url":"https://usn.ubuntu.com/2656-1/","reference_id":"USN-2656-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2656-1/"},{"reference_url":"https://usn.ubuntu.com/2656-2/","reference_id":"USN-2656-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2656-2/"},{"reference_url":"https://usn.ubuntu.com/2672-1/","reference_id":"USN-2672-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2672-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571419?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ert-2qyc-cfc1"},{"vulnerability":"VCID-2w58-mdmk-guh8"},{"vulnerability":"VCID-2w9f-avet-g7c5"},{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-5wqt-2dtu-8qa4"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8j3v-g9xv-gud5"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-9mux-fuyc-a7dx"},{"vulnerability":"VCID-b3mt-3nfn-suc1"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-dk4z-1j37-aucx"},{"vulnerability":"VCID-dtrc-mwu9-2bdf"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-hs79-pemh-vfd6"},{"vulnerability":"VCID-jm5w-6pdb-bbes"},{"vulnerability":"VCID-jmhk-12t1-kugh"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mwjm-p7pr-kfhj"},{"vulnerability":"VCID-mwyu-5rk2-xbbz"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-pc13-zwmr-p7hz"},{"vulnerability":"VCID-qdev-8m9n-8bbr"},{"vulnerability":"VCID-qdqz-admy-e7cg"},{"vulnerability":"VCID-qup9-qy11-fqhe"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-rzqy-gheq-cqgg"},{"vulnerability":"VCID-sucm-cq7u-r3en"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-ukuz-m6d3-5kab"},{"vulnerability":"VCID-uqv9-vr1q-6ya1"},{"vulnerability":"VCID-uzt2-tufb-rua5"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w5wp-ujx1-vkhp"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-wut5-sqr6-mubd"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-xap5-djda-2uem"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"},{"vulnerability":"VCID-z26z-btvf-x7eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-2730"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jmhk-12t1-kugh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49728?format=json","vulnerability_id":"VCID-kxvg-qw8v-vydv","summary":"Multiple vulnerabilities have been found in NSS, the worst of which\n    may allow execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5461.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-5461.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5461","reference_id":"","reference_type":"","scores":[{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76015","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76021","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76044","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75956","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75992","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76004","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75971","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.75959","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00925","scoring_system":"epss","scoring_elements":"0.76019","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-5461"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1344380","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1344380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5429"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5432"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5433"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5434"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5435"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5436"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5438"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5439"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5440"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5441"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5442"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5443"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5444"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5445"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5446"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5447"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5459"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5464"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5465"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21.4_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.28.4_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29.5_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.30.1_release_notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10/#CVE-2017-5461"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11/#CVE-2017-5461"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12/#CVE-2017-5461"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13/#CVE-2017-5461"},{"reference_url":"https://www.oracle.com//security-alerts/cpujul2021.html","reference_id":"","reference_type":"","scores":[],"url":"https://www.oracle.com//security-alerts/cpujul2021.html"},{"reference_url":"http://www.debian.org/security/2017/dsa-3831","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3831"},{"reference_url":"http://www.debian.org/security/2017/dsa-3872","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2017/dsa-3872"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.securityfocus.com/bid/98050","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/98050"},{"reference_url":"http://www.securitytracker.com/id/1038320","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1038320"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1440080","reference_id":"1440080","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1440080"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958","reference_id":"862958","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=862958"},{"reference_url":"https://security.archlinux.org/ASA-201704-4","reference_id":"ASA-201704-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-4"},{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/ASA-201705-21","reference_id":"ASA-201705-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-21"},{"reference_url":"https://security.archlinux.org/AVG-247","reference_id":"AVG-247","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-247"},{"reference_url":"https://security.archlinux.org/AVG-248","reference_id":"AVG-248","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-248"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5461","reference_id":"CVE-2017-5461","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-5461"},{"reference_url":"https://security.gentoo.org/glsa/201705-04","reference_id":"GLSA-201705-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201705-04"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1100","reference_id":"RHSA-2017:1100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1101","reference_id":"RHSA-2017:1101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1102","reference_id":"RHSA-2017:1102","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1102"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1103","reference_id":"RHSA-2017:1103","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1103"},{"reference_url":"https://usn.ubuntu.com/3260-1/","reference_id":"USN-3260-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3260-1/"},{"reference_url":"https://usn.ubuntu.com/3270-1/","reference_id":"USN-3270-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3270-1/"},{"reference_url":"https://usn.ubuntu.com/3278-1/","reference_id":"USN-3278-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3278-1/"},{"reference_url":"https://usn.ubuntu.com/3372-1/","reference_id":"USN-3372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-5461"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kxvg-qw8v-vydv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41090?format=json","vulnerability_id":"VCID-mwyu-5rk2-xbbz","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird, the worst of which may allow user-assisted execution of\n    arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2721.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-2721.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2721","reference_id":"","reference_type":"","scores":[{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69676","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69606","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69619","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69635","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69614","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69665","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69682","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69704","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00607","scoring_system":"epss","scoring_elements":"0.69689","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-2721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236967","reference_id":"1236967","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1236967"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71","reference_id":"mfsa2015-71","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1185","reference_id":"RHSA-2015:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1664","reference_id":"RHSA-2015:1664","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1664"},{"reference_url":"https://usn.ubuntu.com/2656-1/","reference_id":"USN-2656-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2656-1/"},{"reference_url":"https://usn.ubuntu.com/2656-2/","reference_id":"USN-2656-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2656-2/"},{"reference_url":"https://usn.ubuntu.com/2672-1/","reference_id":"USN-2672-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2672-1/"},{"reference_url":"https://usn.ubuntu.com/2673-1/","reference_id":"USN-2673-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2673-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/571419?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1ert-2qyc-cfc1"},{"vulnerability":"VCID-2w58-mdmk-guh8"},{"vulnerability":"VCID-2w9f-avet-g7c5"},{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-5wqt-2dtu-8qa4"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8j3v-g9xv-gud5"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-9mux-fuyc-a7dx"},{"vulnerability":"VCID-b3mt-3nfn-suc1"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-dk4z-1j37-aucx"},{"vulnerability":"VCID-dtrc-mwu9-2bdf"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-hs79-pemh-vfd6"},{"vulnerability":"VCID-jm5w-6pdb-bbes"},{"vulnerability":"VCID-jmhk-12t1-kugh"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mwjm-p7pr-kfhj"},{"vulnerability":"VCID-mwyu-5rk2-xbbz"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-pc13-zwmr-p7hz"},{"vulnerability":"VCID-qdev-8m9n-8bbr"},{"vulnerability":"VCID-qdqz-admy-e7cg"},{"vulnerability":"VCID-qup9-qy11-fqhe"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-rzqy-gheq-cqgg"},{"vulnerability":"VCID-sucm-cq7u-r3en"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-ukuz-m6d3-5kab"},{"vulnerability":"VCID-uqv9-vr1q-6ya1"},{"vulnerability":"VCID-uzt2-tufb-rua5"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w5wp-ujx1-vkhp"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-wut5-sqr6-mubd"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-xap5-djda-2uem"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"},{"vulnerability":"VCID-z26z-btvf-x7eq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-2721"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mwyu-5rk2-xbbz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58212?format=json","vulnerability_id":"VCID-pc13-zwmr-p7hz","summary":"Multiple vulnerabilities have been found in NSS, the worst of which\n    could allow remote attackers to obtain access to private key information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8635.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8635","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61508","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61582","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61612","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61583","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61631","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61646","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61667","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61656","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61636","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391818","reference_id":"1391818","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391818"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2779","reference_id":"RHSA-2016:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2779"},{"reference_url":"https://usn.ubuntu.com/3163-1/","reference_id":"USN-3163-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3163-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-8635"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pc13-zwmr-p7hz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39980?format=json","vulnerability_id":"VCID-qup9-qy11-fqhe","summary":"Multiple vulnerabilities have been found in mbed TLS, the worst of\n    which could lead to the remote execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00038.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00041.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00042.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00043.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00044.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00045.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00047.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-01/msg00048.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00139.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00005.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00058.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-01/msg00059.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00007.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00008.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00101.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00166.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0049.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0049.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0050.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0050.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0053.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0053.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0054.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0054.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0055.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0055.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0056.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0056.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7575.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7575.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7575","reference_id":"","reference_type":"","scores":[{"value":"0.01509","scoring_system":"epss","scoring_elements":"0.81189","published_at":"2026-04-13T12:55:00Z"},{"value":"0.01509","scoring_system":"epss","scoring_elements":"0.81125","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01509","scoring_system":"epss","scoring_elements":"0.81184","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01509","scoring_system":"epss","scoring_elements":"0.8119","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01509","scoring_system":"epss","scoring_elements":"0.8121","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01509","scoring_system":"epss","scoring_elements":"0.81196","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01509","scoring_system":"epss","scoring_elements":"0.81134","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01509","scoring_system":"epss","scoring_elements":"0.81157","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7575"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1158489","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1158489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1523"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1930"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1935"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/docs/Mozilla/Projects/NSS/NSS_3.20.2_release_notes"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.netapp.com/advisory/ntap-20160225-0001/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20160225-0001/"},{"reference_url":"http://www.debian.org/security/2016/dsa-3436","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3436"},{"reference_url":"http://www.debian.org/security/2016/dsa-3437","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3437"},{"reference_url":"http://www.debian.org/security/2016/dsa-3457","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3457"},{"reference_url":"http://www.debian.org/security/2016/dsa-3458","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3458"},{"reference_url":"http://www.debian.org/security/2016/dsa-3465","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3465"},{"reference_url":"http://www.debian.org/security/2016/dsa-3491","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3491"},{"reference_url":"http://www.debian.org/security/2016/dsa-3688","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3688"},{"reference_url":"http://www.mozilla.org/security/announce/2015/mfsa2015-150.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2015/mfsa2015-150.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"},{"reference_url":"http://www.securityfocus.com/bid/79684","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/79684"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securitytracker.com/id/1034541","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034541"},{"reference_url":"http://www.securitytracker.com/id/1036467","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036467"},{"reference_url":"http://www.ubuntu.com/usn/USN-2863-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2863-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2864-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2864-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2865-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2865-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2866-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2866-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2884-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2884-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2904-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2904-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289841","reference_id":"1289841","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1289841"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.5.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7575","reference_id":"CVE-2015-7575","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"},{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7575"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://security.gentoo.org/glsa/201706-18","reference_id":"GLSA-201706-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201706-18"},{"reference_url":"https://security.gentoo.org/glsa/201801-15","reference_id":"GLSA-201801-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201801-15"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150","reference_id":"mfsa2015-150","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0007","reference_id":"RHSA-2016:0007","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0007"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0008","reference_id":"RHSA-2016:0008","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0008"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0012","reference_id":"RHSA-2016:0012","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0012"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0049","reference_id":"RHSA-2016:0049","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0049"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0050","reference_id":"RHSA-2016:0050","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0050"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0053","reference_id":"RHSA-2016:0053","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0053"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0054","reference_id":"RHSA-2016:0054","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0054"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0055","reference_id":"RHSA-2016:0055","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0055"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0056","reference_id":"RHSA-2016:0056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0056"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0098","reference_id":"RHSA-2016:0098","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0098"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0099","reference_id":"RHSA-2016:0099","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0099"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0100","reference_id":"RHSA-2016:0100","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0100"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0101","reference_id":"RHSA-2016:0101","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0101"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1430","reference_id":"RHSA-2016:1430","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1430"},{"reference_url":"https://usn.ubuntu.com/2863-1/","reference_id":"USN-2863-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2863-1/"},{"reference_url":"https://usn.ubuntu.com/2864-1/","reference_id":"USN-2864-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2864-1/"},{"reference_url":"https://usn.ubuntu.com/2865-1/","reference_id":"USN-2865-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2865-1/"},{"reference_url":"https://usn.ubuntu.com/2866-1/","reference_id":"USN-2866-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2866-1/"},{"reference_url":"https://usn.ubuntu.com/2884-1/","reference_id":"USN-2884-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2884-1/"},{"reference_url":"https://usn.ubuntu.com/2904-1/","reference_id":"USN-2904-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2904-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-7575"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qup9-qy11-fqhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34739?format=json","vulnerability_id":"VCID-rzqy-gheq-cqgg","summary":"Multiple vulnerabilities have been found in Oracle's JRE and JDK\n    software suites allowing remote attackers to remotely execute arbitrary\n    code, obtain information, and cause Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4000.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-4000.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4000","reference_id":"","reference_type":"","scores":[{"value":"0.93743","scoring_system":"epss","scoring_elements":"0.99851","published_at":"2026-04-07T12:55:00Z"},{"value":"0.93894","scoring_system":"epss","scoring_elements":"0.99875","published_at":"2026-04-08T12:55:00Z"},{"value":"0.93894","scoring_system":"epss","scoring_elements":"0.99876","published_at":"2026-04-09T12:55:00Z"},{"value":"0.939","scoring_system":"epss","scoring_elements":"0.99876","published_at":"2026-04-13T12:55:00Z"},{"value":"0.939","scoring_system":"epss","scoring_elements":"0.99873","published_at":"2026-04-01T12:55:00Z"},{"value":"0.939","scoring_system":"epss","scoring_elements":"0.99874","published_at":"2026-04-02T12:55:00Z"},{"value":"0.939","scoring_system":"epss","scoring_elements":"0.99875","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2736"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:C/I:C/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223211","reference_id":"1223211","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1223211"},{"reference_url":"https://security.gentoo.org/glsa/201506-02","reference_id":"GLSA-201506-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201506-02"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201603-11","reference_id":"GLSA-201603-11","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-11"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70","reference_id":"mfsa2015-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1072","reference_id":"RHSA-2015:1072","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1072"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1185","reference_id":"RHSA-2015:1185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1185"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1197","reference_id":"RHSA-2015:1197","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1197"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1228","reference_id":"RHSA-2015:1228","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1228"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1229","reference_id":"RHSA-2015:1229","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1229"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1230","reference_id":"RHSA-2015:1230","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1230"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1241","reference_id":"RHSA-2015:1241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1242","reference_id":"RHSA-2015:1242","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1242"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1243","reference_id":"RHSA-2015:1243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1485","reference_id":"RHSA-2015:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1486","reference_id":"RHSA-2015:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1488","reference_id":"RHSA-2015:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1526","reference_id":"RHSA-2015:1526","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1526"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1544","reference_id":"RHSA-2015:1544","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1544"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1604","reference_id":"RHSA-2015:1604","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1604"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2056","reference_id":"RHSA-2016:2056","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2056"},{"reference_url":"https://usn.ubuntu.com/2656-1/","reference_id":"USN-2656-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2656-1/"},{"reference_url":"https://usn.ubuntu.com/2656-2/","reference_id":"USN-2656-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2656-2/"},{"reference_url":"https://usn.ubuntu.com/2673-1/","reference_id":"USN-2673-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2673-1/"},{"reference_url":"https://usn.ubuntu.com/2696-1/","reference_id":"USN-2696-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2696-1/"},{"reference_url":"https://usn.ubuntu.com/2706-1/","reference_id":"USN-2706-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2706-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-4000"],"risk_score":7.2,"exploitability":"2.0","weighted_severity":"3.6","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rzqy-gheq-cqgg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/84279?format=json","vulnerability_id":"VCID-t89f-eksr-juen","summary":"nss: Null pointer dereference when handling empty SSLv2 messages","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7502.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7502.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7502","reference_id":"","reference_type":"","scores":[{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.8394","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.83972","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84002","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84017","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.84011","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.83954","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.8397","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02085","scoring_system":"epss","scoring_elements":"0.83995","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02098","scoring_system":"epss","scoring_elements":"0.84048","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7502"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446631","reference_id":"1446631","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1446631"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863839","reference_id":"863839","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=863839"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1364","reference_id":"RHSA-2017:1364","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1364"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1365","reference_id":"RHSA-2017:1365","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:1567","reference_id":"RHSA-2017:1567","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:1567"},{"reference_url":"https://usn.ubuntu.com/3336-1/","reference_id":"USN-3336-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3336-1/"},{"reference_url":"https://usn.ubuntu.com/3372-1/","reference_id":"USN-3372-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3372-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-7502"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t89f-eksr-juen"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/58211?format=json","vulnerability_id":"VCID-ukuz-m6d3-5kab","summary":"Multiple vulnerabilities have been found in NSS, the worst of which\n    could allow remote attackers to obtain access to private key information.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5285.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5285","reference_id":"","reference_type":"","scores":[{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81796","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81806","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81829","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81826","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81852","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81859","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81878","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81866","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.81861","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383883","reference_id":"1383883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383883"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2779","reference_id":"RHSA-2016:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2779"},{"reference_url":"https://usn.ubuntu.com/3163-1/","reference_id":"USN-3163-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3163-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-5285"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ukuz-m6d3-5kab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51782?format=json","vulnerability_id":"VCID-wut5-sqr6-mubd","summary":"Multiple vulnerabilities have been found in Firefox, Thunderbird,\n    Network Security Services (NSS), and NetScape Portable Runtime (NSPR) with\n    the worst of which may allow remote execution of arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00027.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00050.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00068.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00093.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0591.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0591.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0684.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0684.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2016-0685.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2016-0685.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1978.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1978.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1978","reference_id":"","reference_type":"","scores":[{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85233","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85163","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85224","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85239","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85236","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85175","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85193","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85194","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02458","scoring_system":"epss","scoring_elements":"0.85216","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1978"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa124","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa124"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1209546","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1209546"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.21_release_notes"},{"reference_url":"http://www.debian.org/security/2016/dsa-3688","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3688"},{"reference_url":"http://www.mozilla.org/security/announce/2016/mfsa2016-15.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2016/mfsa2016-15.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"http://www.securityfocus.com/bid/84275","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/84275"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securitytracker.com/id/1035258","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035258"},{"reference_url":"http://www.ubuntu.com/usn/USN-2973-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2973-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315565","reference_id":"1315565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1315565"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978","reference_id":"CVE-2016-1978","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1978","reference_id":"CVE-2016-1978","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"7.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-1978"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-15","reference_id":"mfsa2016-15","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0591","reference_id":"RHSA-2016:0591","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0591"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0684","reference_id":"RHSA-2016:0684","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0684"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0685","reference_id":"RHSA-2016:0685","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0685"},{"reference_url":"https://usn.ubuntu.com/2973-1/","reference_id":"USN-2973-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2973-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1978"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wut5-sqr6-mubd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41224?format=json","vulnerability_id":"VCID-z26z-btvf-x7eq","summary":"Multiple vulnerabilities have been found in Mozilla Firefox and\n    Thunderbird, the worst of which may allow user-assisted execution of\n    arbitrary code.","references":[{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00015.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00020.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00021.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00025.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00037.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2015-12/msg00049.html"},{"reference_url":"http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html","reference_id":"","reference_type":"","scores":[],"url":"http://packetstormsecurity.com/files/134268/Slackware-Security-Advisory-mozilla-nss-Updates.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1980.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1980.html"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2015-1981.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2015-1981.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7182.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2015-7182.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7182","reference_id":"","reference_type":"","scores":[{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.9344","published_at":"2026-04-13T12:55:00Z"},{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93405","published_at":"2026-04-01T12:55:00Z"},{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93433","published_at":"2026-04-09T12:55:00Z"},{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93438","published_at":"2026-04-11T12:55:00Z"},{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93439","published_at":"2026-04-12T12:55:00Z"},{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93413","published_at":"2026-04-02T12:55:00Z"},{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93421","published_at":"2026-04-07T12:55:00Z"},{"value":"0.11044","scoring_system":"epss","scoring_elements":"0.93429","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2015-7182"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa119","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa119"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1202868","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1202868"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4473"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4487"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4489"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7188"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7189"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7193"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7194"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7196"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7197"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7198"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7199"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7200"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.2.1_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.19.4_release_notes"},{"reference_url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes","reference_id":"","reference_type":"","scores":[],"url":"https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.20.1_release_notes"},{"reference_url":"http://www.debian.org/security/2015/dsa-3393","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3393"},{"reference_url":"http://www.debian.org/security/2015/dsa-3410","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3410"},{"reference_url":"http://www.debian.org/security/2016/dsa-3688","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3688"},{"reference_url":"http://www.mozilla.org/security/announce/2015/mfsa2015-133.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.mozilla.org/security/announce/2015/mfsa2015-133.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html"},{"reference_url":"http://www.securityfocus.com/bid/77416","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/77416"},{"reference_url":"http://www.securityfocus.com/bid/91787","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91787"},{"reference_url":"http://www.securitytracker.com/id/1034069","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034069"},{"reference_url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753","reference_id":"","reference_type":"","scores":[],"url":"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2015&m=slackware-security.399753"},{"reference_url":"http://www.ubuntu.com/usn/USN-2785-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2785-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2791-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2791-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-2819-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2819-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269351","reference_id":"1269351","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1269351"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.0.5:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.2.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:38.3.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:network_security_services:3.20.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:glassfish_server:2.1.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_proxy_server:4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:iplanet_web_server:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:opensso:3.0-0.7:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:opensso:3.0-0.7:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:opensso:3.0-0.7:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:traffic_director:11.1.1.7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:traffic_director:11.1.1.9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:oracle:traffic_director:11.1.1.9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:oracle:traffic_director:11.1.1.9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7182","reference_id":"CVE-2015-7182","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2015-7182"},{"reference_url":"https://security.gentoo.org/glsa/201512-10","reference_id":"GLSA-201512-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201512-10"},{"reference_url":"https://security.gentoo.org/glsa/201605-06","reference_id":"GLSA-201605-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201605-06"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1980","reference_id":"RHSA-2015:1980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1981","reference_id":"RHSA-2015:1981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:1981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:2068","reference_id":"RHSA-2015:2068","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2015:2068"},{"reference_url":"https://usn.ubuntu.com/2785-1/","reference_id":"USN-2785-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2785-1/"},{"reference_url":"https://usn.ubuntu.com/2791-1/","reference_id":"USN-2791-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2791-1/"},{"reference_url":"https://usn.ubuntu.com/2819-1/","reference_id":"USN-2819-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2819-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-7182"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-z26z-btvf-x7eq"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}