{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","type":"deb","namespace":"debian","name":"nss","version":"2:3.42.1-1+deb10u5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:3.87.1-1+deb12u2","latest_non_vulnerable_version":"2:3.87.1-1+deb12u2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63103?format=json","vulnerability_id":"VCID-2zrv-q4tb-wqeg","summary":"The NSS code used for checking PKCS#1 v1.5 was leaking information useful in mounting Bleichenbacher-like attacks.\nBoth the overall correctness of the padding as well as the length of the encrypted message was leaking through timing side-channel.\nBy sending large number of attacker-selected ciphertexts, the attacker would be able to decrypt a previously intercepted PKCS#1 v1.5 ciphertext (for example, to decrypt a TLS session that used RSA key exchange), or forge a signature using the victim's key.\nThe issue was fixed by implementing the implicit rejection algorithm, in which the NSS returns a deterministic random message in case invalid padding is detected, as proposed in the Marvin Attack paper.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4421.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-4421.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4421","reference_id":"","reference_type":"","scores":[{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.4514","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45171","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45138","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45154","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00224","scoring_system":"epss","scoring_elements":"0.45149","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-4421"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4421","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-4421"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238677","reference_id":"2238677","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2238677"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-53","reference_id":"mfsa2023-53","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-53"},{"reference_url":"https://usn.ubuntu.com/6727-1/","reference_id":"USN-6727-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6727-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2023-4421"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2zrv-q4tb-wqeg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44219?format=json","vulnerability_id":"VCID-46cy-x3cp-tke5","summary":"Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0743.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0743.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0743","reference_id":"","reference_type":"","scores":[{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76033","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.75979","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76039","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76062","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76037","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76023","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.7599","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00926","scoring_system":"epss","scoring_elements":"0.76011","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-0743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5388"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-0743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-1936"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2607"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2608"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2610"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2611"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2612"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2614"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2616"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2260012","reference_id":"2260012","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2260012"},{"reference_url":"https://security.gentoo.org/glsa/202402-26","reference_id":"GLSA-202402-26","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202402-26"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-01","reference_id":"mfsa2024-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-01/","reference_id":"mfsa2024-01","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-13","reference_id":"mfsa2024-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-13/","reference_id":"mfsa2024-13","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-14","reference_id":"mfsa2024-14","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-14"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-14/","reference_id":"mfsa2024-14","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-14/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html","reference_id":"msg00010.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00010.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html","reference_id":"msg00022.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00022.html"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html","reference_id":"msg00028.html","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2024/03/msg00028.html"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1483","reference_id":"RHSA-2024:1483","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1483"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1484","reference_id":"RHSA-2024:1484","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1484"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1485","reference_id":"RHSA-2024:1485","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1485"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1486","reference_id":"RHSA-2024:1486","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1486"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1487","reference_id":"RHSA-2024:1487","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1487"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1488","reference_id":"RHSA-2024:1488","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1488"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1489","reference_id":"RHSA-2024:1489","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1489"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1490","reference_id":"RHSA-2024:1490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1491","reference_id":"RHSA-2024:1491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1492","reference_id":"RHSA-2024:1492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1493","reference_id":"RHSA-2024:1493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1494","reference_id":"RHSA-2024:1494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1495","reference_id":"RHSA-2024:1495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1496","reference_id":"RHSA-2024:1496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1497","reference_id":"RHSA-2024:1497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1498","reference_id":"RHSA-2024:1498","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1498"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1499","reference_id":"RHSA-2024:1499","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1499"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:1500","reference_id":"RHSA-2024:1500","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:1500"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1867408","reference_id":"show_bug.cgi?id=1867408","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-09T23:30:55Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1867408"},{"reference_url":"https://usn.ubuntu.com/6610-1/","reference_id":"USN-6610-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6610-1/"},{"reference_url":"https://usn.ubuntu.com/6717-1/","reference_id":"USN-6717-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6717-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994642?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-gret-hn3p-5kbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1"}],"aliases":["CVE-2024-0743"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-46cy-x3cp-tke5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63130?format=json","vulnerability_id":"VCID-6fvj-phnx-kfgs","summary":"After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17023","reference_id":"","reference_type":"","scores":[{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75599","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75657","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75682","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75601","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75632","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75646","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791225","reference_id":"1791225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791225"},{"reference_url":"https://security.archlinux.org/ASA-202001-1","reference_id":"ASA-202001-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202001-1"},{"reference_url":"https://security.archlinux.org/AVG-1084","reference_id":"AVG-1084","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1084"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01","reference_id":"mfsa2020-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4234-1/","reference_id":"USN-4234-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4234-1/"},{"reference_url":"https://usn.ubuntu.com/4397-1/","reference_id":"USN-4397-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17023"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fvj-phnx-kfgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81704?format=json","vulnerability_id":"VCID-7msj-wyd6-zkbe","summary":"nss: Check length of inputs for cryptographic primitives","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17006","reference_id":"","reference_type":"","scores":[{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86617","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86636","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86654","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86677","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86675","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86668","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1775916","reference_id":"1775916","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1775916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0758","reference_id":"RHSA-2021:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0876","reference_id":"RHSA-2021:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1026","reference_id":"RHSA-2021:1026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1026"},{"reference_url":"https://usn.ubuntu.com/4231-1/","reference_id":"USN-4231-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4231-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17006"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7msj-wyd6-zkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32064?format=json","vulnerability_id":"VCID-8qtg-h4km-bfg2","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11719.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11719.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11719","reference_id":"","reference_type":"","scores":[{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.6355","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63534","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63517","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63413","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63465","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.63473","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00447","scoring_system":"epss","scoring_elements":"0.635","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11719"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728436","reference_id":"1728436","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728436"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://security.gentoo.org/glsa/201908-12","reference_id":"GLSA-201908-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-12"},{"reference_url":"https://security.gentoo.org/glsa/201908-20","reference_id":"GLSA-201908-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22","reference_id":"mfsa2019-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23","reference_id":"mfsa2019-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4054-1/","reference_id":"USN-4054-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4054-1/"},{"reference_url":"https://usn.ubuntu.com/4060-1/","reference_id":"USN-4060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-1/"},{"reference_url":"https://usn.ubuntu.com/4060-2/","reference_id":"USN-4060-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-2/"},{"reference_url":"https://usn.ubuntu.com/4064-1/","reference_id":"USN-4064-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4064-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11719"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8qtg-h4km-bfg2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33937?format=json","vulnerability_id":"VCID-cgvg-aj53-kkbp","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0767.json","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0767.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0767","reference_id":"","reference_type":"","scores":[{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50523","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.505","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50477","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50481","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50484","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.5043","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0027","scoring_system":"epss","scoring_elements":"0.50485","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46871"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46877"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0430"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0767"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23598"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25728"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25730"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25735"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25744"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-25746"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170377","reference_id":"2170377","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2170377"},{"reference_url":"https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html","reference_id":"ALAS-2023-1992.html","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://alas.aws.amazon.com/AL2/ALAS-2023-1992.html"},{"reference_url":"https://security.gentoo.org/glsa/202305-35","reference_id":"GLSA-202305-35","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202305-35"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-05"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-05/","reference_id":"mfsa2023-05","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-05/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-06"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-06/","reference_id":"mfsa2023-06","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-06/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2023-07"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2023-07/","reference_id":"mfsa2023-07","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2023-07/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1252","reference_id":"RHSA-2023:1252","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1252"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1332","reference_id":"RHSA-2023:1332","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1365","reference_id":"RHSA-2023:1365","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1365"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1366","reference_id":"RHSA-2023:1366","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1366"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1368","reference_id":"RHSA-2023:1368","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1368"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1369","reference_id":"RHSA-2023:1369","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1369"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1370","reference_id":"RHSA-2023:1370","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1370"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1406","reference_id":"RHSA-2023:1406","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1406"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1436","reference_id":"RHSA-2023:1436","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1436"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1442","reference_id":"RHSA-2023:1442","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1442"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1443","reference_id":"RHSA-2023:1443","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1443"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1444","reference_id":"RHSA-2023:1444","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1444"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1445","reference_id":"RHSA-2023:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1472","reference_id":"RHSA-2023:1472","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1472"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1479","reference_id":"RHSA-2023:1479","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1479"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:1677","reference_id":"RHSA-2023:1677","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:1677"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1804640","reference_id":"show_bug.cgi?id=1804640","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-04-23T13:27:56Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1804640"},{"reference_url":"https://usn.ubuntu.com/5880-1/","reference_id":"USN-5880-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5880-1/"},{"reference_url":"https://usn.ubuntu.com/5892-1/","reference_id":"USN-5892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5892-1/"},{"reference_url":"https://usn.ubuntu.com/5892-2/","reference_id":"USN-5892-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5892-2/"},{"reference_url":"https://usn.ubuntu.com/5943-1/","reference_id":"USN-5943-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5943-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2023-0767"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cgvg-aj53-kkbp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62052?format=json","vulnerability_id":"VCID-ewe9-39b1-kba2","summary":"A vulnerability in NSS might allow remote attackers to cause a\n    Denial of Service condition.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25648.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25648.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25648","reference_id":"","reference_type":"","scores":[{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27152","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27192","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27229","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27022","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27091","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27137","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27141","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.27097","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00099","scoring_system":"epss","scoring_elements":"0.2704","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25648"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25648"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1887319","reference_id":"1887319","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1887319"},{"reference_url":"https://security.gentoo.org/glsa/202012-21","reference_id":"GLSA-202012-21","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202012-21"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1384","reference_id":"RHSA-2021:1384","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1384"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3572","reference_id":"RHSA-2021:3572","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3572"},{"reference_url":"https://usn.ubuntu.com/5410-1/","reference_id":"USN-5410-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5410-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-25648"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ewe9-39b1-kba2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32066?format=json","vulnerability_id":"VCID-hs5f-21nx-gfeb","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11729.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11729.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11729","reference_id":"","reference_type":"","scores":[{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67967","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67949","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67927","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67978","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67991","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.68001","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.67907","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0055","scoring_system":"epss","scoring_elements":"0.6793","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11729"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728437","reference_id":"1728437","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1728437"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://security.gentoo.org/glsa/201908-12","reference_id":"GLSA-201908-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-12"},{"reference_url":"https://security.gentoo.org/glsa/201908-20","reference_id":"GLSA-201908-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22","reference_id":"mfsa2019-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23","reference_id":"mfsa2019-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4190","reference_id":"RHSA-2019:4190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4190"},{"reference_url":"https://usn.ubuntu.com/4054-1/","reference_id":"USN-4054-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4054-1/"},{"reference_url":"https://usn.ubuntu.com/4060-1/","reference_id":"USN-4060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-1/"},{"reference_url":"https://usn.ubuntu.com/4060-2/","reference_id":"USN-4060-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-2/"},{"reference_url":"https://usn.ubuntu.com/4064-1/","reference_id":"USN-4064-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4064-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11729"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hs5f-21nx-gfeb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56913?format=json","vulnerability_id":"VCID-jrsz-ynp7-wbb2","summary":"Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43527","reference_id":"","reference_type":"","scores":[{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89954","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89976","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89984","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.9008","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.90065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.90068","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024370","reference_id":"2024370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024370"},{"reference_url":"https://security.archlinux.org/ASA-202112-3","reference_id":"ASA-202112-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-3"},{"reference_url":"https://security.archlinux.org/ASA-202112-4","reference_id":"ASA-202112-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-4"},{"reference_url":"https://security.archlinux.org/AVG-2596","reference_id":"AVG-2596","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2596"},{"reference_url":"https://security.archlinux.org/AVG-2597","reference_id":"AVG-2597","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2597"},{"reference_url":"https://security.gentoo.org/glsa/202212-05","reference_id":"GLSA-202212-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51","reference_id":"mfsa2021-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4903","reference_id":"RHSA-2021:4903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4904","reference_id":"RHSA-2021:4904","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4907","reference_id":"RHSA-2021:4907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4909","reference_id":"RHSA-2021:4909","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4919","reference_id":"RHSA-2021:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4932","reference_id":"RHSA-2021:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4933","reference_id":"RHSA-2021:4933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4946","reference_id":"RHSA-2021:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4953","reference_id":"RHSA-2021:4953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4954","reference_id":"RHSA-2021:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4969","reference_id":"RHSA-2021:4969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4994","reference_id":"RHSA-2021:4994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5006","reference_id":"RHSA-2021:5006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5035","reference_id":"RHSA-2021:5035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5035"},{"reference_url":"https://usn.ubuntu.com/5168-1/","reference_id":"USN-5168-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-1/"},{"reference_url":"https://usn.ubuntu.com/5168-2/","reference_id":"USN-5168-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-2/"},{"reference_url":"https://usn.ubuntu.com/5168-3/","reference_id":"USN-5168-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-3/"},{"reference_url":"https://usn.ubuntu.com/5168-4/","reference_id":"USN-5168-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2021-43527"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrsz-ynp7-wbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61777?format=json","vulnerability_id":"VCID-k2s2-zkua-8ydy","summary":"NSS has an information disclosure vulnerability when handling DSA\n    keys.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12399","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26718","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26794","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26854","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26895","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826177","reference_id":"1826177","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826177"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752","reference_id":"961752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752"},{"reference_url":"https://security.archlinux.org/ASA-202006-1","reference_id":"ASA-202006-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-1"},{"reference_url":"https://security.archlinux.org/ASA-202006-4","reference_id":"ASA-202006-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-4"},{"reference_url":"https://security.archlinux.org/AVG-1173","reference_id":"AVG-1173","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1173"},{"reference_url":"https://security.archlinux.org/AVG-1179","reference_id":"AVG-1179","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1179"},{"reference_url":"https://security.gentoo.org/glsa/202007-49","reference_id":"GLSA-202007-49","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20","reference_id":"mfsa2020-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21","reference_id":"mfsa2020-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22","reference_id":"mfsa2020-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://usn.ubuntu.com/4383-1/","reference_id":"USN-4383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4383-1/"},{"reference_url":"https://usn.ubuntu.com/4397-1/","reference_id":"USN-4397-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-1/"},{"reference_url":"https://usn.ubuntu.com/4397-2/","reference_id":"USN-4397-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-2/"},{"reference_url":"https://usn.ubuntu.com/4421-1/","reference_id":"USN-4421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12399"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2s2-zkua-8ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39135?format=json","vulnerability_id":"VCID-k4a4-f1as-x3bj","summary":"NSS has multiple information disclosure vulnerabilities when\n    handling secret key material.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12400.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12400.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12400","reference_id":"","reference_type":"","scores":[{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35057","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35115","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35082","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.34934","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35132","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35161","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.3504","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35085","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00147","scoring_system":"epss","scoring_elements":"0.35111","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12400"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1853983","reference_id":"1853983","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1853983"},{"reference_url":"https://security.gentoo.org/glsa/202008-08","reference_id":"GLSA-202008-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0538","reference_id":"RHSA-2021:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4455-1/","reference_id":"USN-4455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4455-1/"},{"reference_url":"https://usn.ubuntu.com/4474-1/","reference_id":"USN-4474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12400"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k4a4-f1as-x3bj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63133?format=json","vulnerability_id":"VCID-mx8t-s47w-wud5","summary":"When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6829.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-6829.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6829","reference_id":"","reference_type":"","scores":[{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69005","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69049","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69034","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.6894","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68958","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68978","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.68957","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69007","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00584","scoring_system":"epss","scoring_elements":"0.69027","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-6829"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826187","reference_id":"1826187","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826187"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0538","reference_id":"RHSA-2021:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4455-1/","reference_id":"USN-4455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4455-1/"},{"reference_url":"https://usn.ubuntu.com/4474-1/","reference_id":"USN-4474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-6829"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mx8t-s47w-wud5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/57336?format=json","vulnerability_id":"VCID-paez-g9wh-mfeq","summary":"Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which arbitrary code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6609","reference_id":"","reference_type":"","scores":[{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68638","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68664","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68707","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68614","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.6862","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68683","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00572","scoring_system":"epss","scoring_elements":"0.68665","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6609"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6609","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6609"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-29/","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-32/","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-32/"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839258","reference_id":"show_bug.cgi?id=1839258","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T19:02:00Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1839258"},{"reference_url":"https://usn.ubuntu.com/6890-1/","reference_id":"USN-6890-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6890-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994642?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-gret-hn3p-5kbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1"}],"aliases":["CVE-2024-6609"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-paez-g9wh-mfeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39137?format=json","vulnerability_id":"VCID-rk7t-zjzg-eqar","summary":"NSS has multiple information disclosure vulnerabilities when\n    handling secret key material.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12401.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12401.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12401","reference_id":"","reference_type":"","scores":[{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40566","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40604","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40585","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40514","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40595","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40622","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00187","scoring_system":"epss","scoring_elements":"0.40544","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12401"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851294","reference_id":"1851294","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1851294"},{"reference_url":"https://security.gentoo.org/glsa/202008-08","reference_id":"GLSA-202008-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-08"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0538","reference_id":"RHSA-2021:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4455-1/","reference_id":"USN-4455-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4455-1/"},{"reference_url":"https://usn.ubuntu.com/4474-1/","reference_id":"USN-4474-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4474-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12401"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rk7t-zjzg-eqar"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39140?format=json","vulnerability_id":"VCID-szzk-wxm2-cfgj","summary":"NSS has multiple information disclosure vulnerabilities when\n    handling secret key material.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12403.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12403","reference_id":"","reference_type":"","scores":[{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70331","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70344","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70361","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70339","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70385","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.704","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70424","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70408","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00635","scoring_system":"epss","scoring_elements":"0.70394","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12403"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868931","reference_id":"1868931","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1868931"},{"reference_url":"https://security.gentoo.org/glsa/202008-08","reference_id":"GLSA-202008-08","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202008-08"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0538","reference_id":"RHSA-2021:0538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0538"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0758","reference_id":"RHSA-2021:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0876","reference_id":"RHSA-2021:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1026","reference_id":"RHSA-2021:1026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1026"},{"reference_url":"https://usn.ubuntu.com/4476-1/","reference_id":"USN-4476-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4476-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12403"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-szzk-wxm2-cfgj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33641?format=json","vulnerability_id":"VCID-vjas-pry4-93cz","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12402","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28086","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28102","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28174","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28218","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28079","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826231","reference_id":"1826231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826231"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152","reference_id":"963152","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152"},{"reference_url":"https://security.gentoo.org/glsa/202007-10","reference_id":"GLSA-202007-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24","reference_id":"mfsa2020-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29","reference_id":"mfsa2020-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4417-1/","reference_id":"USN-4417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4417-1/"},{"reference_url":"https://usn.ubuntu.com/4417-2/","reference_id":"USN-4417-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4417-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12402"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjas-pry4-93cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/62742?format=json","vulnerability_id":"VCID-vszp-vyxy-f7g7","summary":"Integer overflow in the Libraries component in NSS. This vulnerability affects Firefox < 148, Firefox ESR < 140.8, Thunderbird < 148, and Thunderbird < 140.8.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-2781.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2781","reference_id":"","reference_type":"","scores":[{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15358","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15422","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15461","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15497","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15489","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.15447","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1536","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0005","scoring_system":"epss","scoring_elements":"0.1556","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2026-2781"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-2781"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292","reference_id":"2442292","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2442292"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-13"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-13/","reference_id":"mfsa2026-13","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-13/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-15"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-15/","reference_id":"mfsa2026-15","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-15/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-16"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-16/","reference_id":"mfsa2026-16","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-16/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2026-17"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2026-17/","reference_id":"mfsa2026-17","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2026-17/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3338","reference_id":"RHSA-2026:3338","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3339","reference_id":"RHSA-2026:3339","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3361","reference_id":"RHSA-2026:3361","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3361"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3491","reference_id":"RHSA-2026:3491","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3491"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3492","reference_id":"RHSA-2026:3492","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3492"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3493","reference_id":"RHSA-2026:3493","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3493"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3494","reference_id":"RHSA-2026:3494","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3494"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3495","reference_id":"RHSA-2026:3495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3496","reference_id":"RHSA-2026:3496","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3496"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3497","reference_id":"RHSA-2026:3497","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3497"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3515","reference_id":"RHSA-2026:3515","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3515"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3516","reference_id":"RHSA-2026:3516","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3517","reference_id":"RHSA-2026:3517","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3976","reference_id":"RHSA-2026:3976","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3976"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3978","reference_id":"RHSA-2026:3978","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3978"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3979","reference_id":"RHSA-2026:3979","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3980","reference_id":"RHSA-2026:3980","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3980"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3981","reference_id":"RHSA-2026:3981","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3981"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3982","reference_id":"RHSA-2026:3982","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3982"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3983","reference_id":"RHSA-2026:3983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:3984","reference_id":"RHSA-2026:3984","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:3984"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4022","reference_id":"RHSA-2026:4022","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4022"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4152","reference_id":"RHSA-2026:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4260","reference_id":"RHSA-2026:4260","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4260"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:4432","reference_id":"RHSA-2026:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:4432"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009552","reference_id":"show_bug.cgi?id=2009552","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-02-26T20:07:29Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=2009552"},{"reference_url":"https://usn.ubuntu.com/8071-1/","reference_id":"USN-8071-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8071-1/"},{"reference_url":"https://usn.ubuntu.com/8071-2/","reference_id":"USN-8071-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/8071-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994642?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-gret-hn3p-5kbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1"}],"aliases":["CVE-2026-2781"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vszp-vyxy-f7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31920?format=json","vulnerability_id":"VCID-vzb9-aeqz-hybr","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11745","reference_id":"","reference_type":"","scores":[{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74133","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74105","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74137","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74152","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74174","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74155","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74101","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74107","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1774831","reference_id":"1774831","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1774831"},{"reference_url":"https://security.archlinux.org/ASA-201912-1","reference_id":"ASA-201912-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-1"},{"reference_url":"https://security.archlinux.org/ASA-201912-2","reference_id":"ASA-201912-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-2"},{"reference_url":"https://security.archlinux.org/AVG-1071","reference_id":"AVG-1071","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1071"},{"reference_url":"https://security.archlinux.org/AVG-1072","reference_id":"AVG-1072","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1072"},{"reference_url":"https://security.gentoo.org/glsa/202003-02","reference_id":"GLSA-202003-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-02"},{"reference_url":"https://security.gentoo.org/glsa/202003-10","reference_id":"GLSA-202003-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-10"},{"reference_url":"https://security.gentoo.org/glsa/202003-37","reference_id":"GLSA-202003-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36","reference_id":"mfsa2019-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37","reference_id":"mfsa2019-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38","reference_id":"mfsa2019-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4114","reference_id":"RHSA-2019:4114","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4114"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4152","reference_id":"RHSA-2019:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4190","reference_id":"RHSA-2019:4190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0243","reference_id":"RHSA-2020:0243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0466","reference_id":"RHSA-2020:0466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1267","reference_id":"RHSA-2020:1267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1345","reference_id":"RHSA-2020:1345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1461","reference_id":"RHSA-2020:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1461"},{"reference_url":"https://usn.ubuntu.com/4203-1/","reference_id":"USN-4203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4203-1/"},{"reference_url":"https://usn.ubuntu.com/4203-2/","reference_id":"USN-4203-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4203-2/"},{"reference_url":"https://usn.ubuntu.com/4216-1/","reference_id":"USN-4216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4216-1/"},{"reference_url":"https://usn.ubuntu.com/4216-2/","reference_id":"USN-4216-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4216-2/"},{"reference_url":"https://usn.ubuntu.com/4241-1/","reference_id":"USN-4241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4241-1/"},{"reference_url":"https://usn.ubuntu.com/4335-1/","reference_id":"USN-4335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11745"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzb9-aeqz-hybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36103?format=json","vulnerability_id":"VCID-w794-gqex-83du","summary":"Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6602.json","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6602.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6602","reference_id":"","reference_type":"","scores":[{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.7349","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73497","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73448","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73493","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.7348","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73443","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73471","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00768","scoring_system":"epss","scoring_elements":"0.73517","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-6602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6602"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6603"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-6604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7652","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7652"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2296637","reference_id":"2296637","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2296637"},{"reference_url":"https://security.gentoo.org/glsa/202412-04","reference_id":"GLSA-202412-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-04"},{"reference_url":"https://security.gentoo.org/glsa/202412-06","reference_id":"GLSA-202412-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-06"},{"reference_url":"https://security.gentoo.org/glsa/202412-13","reference_id":"GLSA-202412-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202412-13"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-29"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-29/","reference_id":"mfsa2024-29","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-29/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-30","reference_id":"mfsa2024-30","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-30"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-30/","reference_id":"mfsa2024-30","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-30/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31","reference_id":"mfsa2024-31","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-31"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-31/","reference_id":"mfsa2024-31","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-31/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2024-32"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2024-32/","reference_id":"mfsa2024-32","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2024-32/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4625","reference_id":"RHSA-2024:4625","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4625"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4670","reference_id":"RHSA-2024:4670","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4670"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4671","reference_id":"RHSA-2024:4671","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4671"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4717","reference_id":"RHSA-2024:4717","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4717"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4718","reference_id":"RHSA-2024:4718","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4718"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4894","reference_id":"RHSA-2024:4894","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4894"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:6839","reference_id":"RHSA-2024:6839","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:6839"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1895032","reference_id":"show_bug.cgi?id=1895032","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-01-09T16:54:31Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1895032"},{"reference_url":"https://usn.ubuntu.com/6890-1/","reference_id":"USN-6890-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6890-1/"},{"reference_url":"https://usn.ubuntu.com/6903-1/","reference_id":"USN-6903-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6903-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994642?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-gret-hn3p-5kbk"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u1"}],"aliases":["CVE-2024-6602"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-w794-gqex-83du"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/36427?format=json","vulnerability_id":"VCID-wavp-f4kn-j3cm","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11727.json","reference_id":"","reference_type":"","scores":[{"value":"3.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11727.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11727","reference_id":"","reference_type":"","scores":[{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48111","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48106","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48101","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48124","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.481","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48045","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48082","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48103","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00248","scoring_system":"epss","scoring_elements":"0.48053","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11727"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730988","reference_id":"1730988","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1730988"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://security.gentoo.org/glsa/201908-12","reference_id":"GLSA-201908-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201908-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4054-1/","reference_id":"USN-4054-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4054-1/"},{"reference_url":"https://usn.ubuntu.com/4060-1/","reference_id":"USN-4060-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4060-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11727"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wavp-f4kn-j3cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82699?format=json","vulnerability_id":"VCID-x1ty-wqph-gkak","summary":"nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17007","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53893","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.5391","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53938","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53913","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53965","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54011","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53994","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53976","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703979","reference_id":"1703979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2237","reference_id":"RHSA-2019:2237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0876","reference_id":"RHSA-2021:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0876"},{"reference_url":"https://usn.ubuntu.com/4215-1/","reference_id":"USN-4215-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4215-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17007"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ty-wqph-gkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31168?format=json","vulnerability_id":"VCID-y43f-tmvr-hqas","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22747","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32419","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32406","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32454","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039572","reference_id":"2039572","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039572"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735028","reference_id":"show_bug.cgi?id=1735028","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735028"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"},{"reference_url":"https://usn.ubuntu.com/5506-1/","reference_id":"USN-5506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5506-1/"},{"reference_url":"https://usn.ubuntu.com/5872-1/","reference_id":"USN-5872-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5872-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2022-22747"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y43f-tmvr-hqas"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/63130?format=json","vulnerability_id":"VCID-6fvj-phnx-kfgs","summary":"After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17023.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17023","reference_id":"","reference_type":"","scores":[{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75599","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75663","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75657","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75682","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75601","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75632","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00899","scoring_system":"epss","scoring_elements":"0.75646","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791225","reference_id":"1791225","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1791225"},{"reference_url":"https://security.archlinux.org/ASA-202001-1","reference_id":"ASA-202001-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202001-1"},{"reference_url":"https://security.archlinux.org/AVG-1084","reference_id":"AVG-1084","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1084"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01","reference_id":"mfsa2020-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4234-1/","reference_id":"USN-4234-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4234-1/"},{"reference_url":"https://usn.ubuntu.com/4397-1/","reference_id":"USN-4397-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17023"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6fvj-phnx-kfgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81704?format=json","vulnerability_id":"VCID-7msj-wyd6-zkbe","summary":"nss: Check length of inputs for cryptographic primitives","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17006.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17006","reference_id":"","reference_type":"","scores":[{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86605","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86617","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86636","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86635","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86654","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86664","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86677","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86675","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03036","scoring_system":"epss","scoring_elements":"0.86668","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1775916","reference_id":"1775916","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1775916"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0758","reference_id":"RHSA-2021:0758","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0758"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0876","reference_id":"RHSA-2021:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0876"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:1026","reference_id":"RHSA-2021:1026","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:1026"},{"reference_url":"https://usn.ubuntu.com/4231-1/","reference_id":"USN-4231-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4231-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17006"],"risk_score":3.6,"exploitability":"0.5","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7msj-wyd6-zkbe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/51558?format=json","vulnerability_id":"VCID-dh3c-g3k3-zkb7","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could lead to the execution of arbitrary code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7805.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7805.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7805","reference_id":"","reference_type":"","scores":[{"value":"0.03211","scoring_system":"epss","scoring_elements":"0.8703","published_at":"2026-04-13T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88141","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88207","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88197","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88191","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88149","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88199","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88166","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03851","scoring_system":"epss","scoring_elements":"0.88171","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7805"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1377618","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1377618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7793"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7810"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7818"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7819"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7823"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7824"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:S/C:C/I:C/A:C"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2017/11/msg00000.html"},{"reference_url":"https://www.debian.org/security/2017/dsa-3987","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3987"},{"reference_url":"https://www.debian.org/security/2017/dsa-3998","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-3998"},{"reference_url":"https://www.debian.org/security/2017/dsa-4014","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2017/dsa-4014"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-21/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-21/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-22/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-22/"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2017-23/","reference_id":"","reference_type":"","scores":[],"url":"https://www.mozilla.org/security/advisories/mfsa2017-23/"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html","reference_id":"","reference_type":"","scores":[],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"},{"reference_url":"http://www.securityfocus.com/bid/101059","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/101059"},{"reference_url":"http://www.securitytracker.com/id/1039465","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1039465"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1471171","reference_id":"1471171","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1471171"},{"reference_url":"https://security.archlinux.org/ASA-201710-19","reference_id":"ASA-201710-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-19"},{"reference_url":"https://security.archlinux.org/AVG-441","reference_id":"AVG-441","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-441"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:52.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:56.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:thunderbird:52.4.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7805","reference_id":"CVE-2017-7805","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7805"},{"reference_url":"https://security.gentoo.org/glsa/201802-03","reference_id":"GLSA-201802-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201802-03"},{"reference_url":"https://security.gentoo.org/glsa/201803-14","reference_id":"GLSA-201803-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201803-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21","reference_id":"mfsa2017-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22","reference_id":"mfsa2017-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23","reference_id":"mfsa2017-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2832","reference_id":"RHSA-2017:2832","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2832"},{"reference_url":"https://usn.ubuntu.com/3431-1/","reference_id":"USN-3431-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3431-1/"},{"reference_url":"https://usn.ubuntu.com/3435-1/","reference_id":"USN-3435-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3435-1/"},{"reference_url":"https://usn.ubuntu.com/3436-1/","reference_id":"USN-3436-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3436-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035553?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ekxy-vaed-u7cg"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-gfj6-dsud-g3fh"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-kxvg-qw8v-vydv"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-t89f-eksr-juen"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/1037282?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-dh3c-g3k3-zkb7"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-fgv4-bz59-h7g7"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-jvrr-2gej-bfby"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"},{"vulnerability":"VCID-ykkw-a6a1-43fe"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2017-7805"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dh3c-g3k3-zkb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60444?format=json","vulnerability_id":"VCID-fgv4-bz59-h7g7","summary":"Multiple vulnerabilities have been found in Mozilla Network\n    Security Service (NSS), the worst of which may lead to arbitrary code\n    execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18508.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-18508.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18508","reference_id":"","reference_type":"","scores":[{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68142","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68165","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68183","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68161","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68212","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68228","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68253","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.6824","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00558","scoring_system":"epss","scoring_elements":"0.68206","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-18508"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18508"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671310","reference_id":"1671310","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1671310"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921614","reference_id":"921614","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=921614"},{"reference_url":"https://security.gentoo.org/glsa/202003-37","reference_id":"GLSA-202003-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-37"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://usn.ubuntu.com/3898-1/","reference_id":"USN-3898-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3898-1/"},{"reference_url":"https://usn.ubuntu.com/3898-2/","reference_id":"USN-3898-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3898-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2018-18508"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgv4-bz59-h7g7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/56913?format=json","vulnerability_id":"VCID-jrsz-ynp7-wbb2","summary":"Multiple vulnerabilities have been discovered in NSS, the worst of which could result in arbitrary code execution.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-43527.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43527","reference_id":"","reference_type":"","scores":[{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89954","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89971","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89976","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89984","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05243","scoring_system":"epss","scoring_elements":"0.89975","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.9008","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.90065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0538","scoring_system":"epss","scoring_elements":"0.90068","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-43527"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024370","reference_id":"2024370","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2024370"},{"reference_url":"https://security.archlinux.org/ASA-202112-3","reference_id":"ASA-202112-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-3"},{"reference_url":"https://security.archlinux.org/ASA-202112-4","reference_id":"ASA-202112-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-4"},{"reference_url":"https://security.archlinux.org/AVG-2596","reference_id":"AVG-2596","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2596"},{"reference_url":"https://security.archlinux.org/AVG-2597","reference_id":"AVG-2597","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2597"},{"reference_url":"https://security.gentoo.org/glsa/202212-05","reference_id":"GLSA-202212-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202212-05"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51","reference_id":"mfsa2021-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4903","reference_id":"RHSA-2021:4903","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4903"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4904","reference_id":"RHSA-2021:4904","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4904"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4907","reference_id":"RHSA-2021:4907","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4907"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4909","reference_id":"RHSA-2021:4909","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4909"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4919","reference_id":"RHSA-2021:4919","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4919"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4932","reference_id":"RHSA-2021:4932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4933","reference_id":"RHSA-2021:4933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4946","reference_id":"RHSA-2021:4946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4953","reference_id":"RHSA-2021:4953","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4953"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4954","reference_id":"RHSA-2021:4954","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4954"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4969","reference_id":"RHSA-2021:4969","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4969"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:4994","reference_id":"RHSA-2021:4994","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:4994"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5006","reference_id":"RHSA-2021:5006","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5006"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:5035","reference_id":"RHSA-2021:5035","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:5035"},{"reference_url":"https://usn.ubuntu.com/5168-1/","reference_id":"USN-5168-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-1/"},{"reference_url":"https://usn.ubuntu.com/5168-2/","reference_id":"USN-5168-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-2/"},{"reference_url":"https://usn.ubuntu.com/5168-3/","reference_id":"USN-5168-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-3/"},{"reference_url":"https://usn.ubuntu.com/5168-4/","reference_id":"USN-5168-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5168-4/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2021-43527"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jrsz-ynp7-wbb2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83179?format=json","vulnerability_id":"VCID-jvrr-2gej-bfby","summary":"nss: ServerHello.random is all zeros when handling a v2-compatible ClientHello","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12384.json","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12384.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12384","reference_id":"","reference_type":"","scores":[{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70029","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70041","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70056","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70034","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70081","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70097","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.7012","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70106","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00622","scoring_system":"epss","scoring_elements":"0.70093","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12384"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12384"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622089","reference_id":"1622089","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1622089"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332","reference_id":"908332","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908332"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2768","reference_id":"RHSA-2018:2768","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:2898","reference_id":"RHSA-2018:2898","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:2898"},{"reference_url":"https://usn.ubuntu.com/3850-1/","reference_id":"USN-3850-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3850-1/"},{"reference_url":"https://usn.ubuntu.com/3850-2/","reference_id":"USN-3850-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3850-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2018-12384"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jvrr-2gej-bfby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/61777?format=json","vulnerability_id":"VCID-k2s2-zkua-8ydy","summary":"NSS has an information disclosure vulnerability when handling DSA\n    keys.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12399.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12399","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26737","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2693","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26718","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26787","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26836","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26839","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26794","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26854","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26895","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826177","reference_id":"1826177","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826177"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752","reference_id":"961752","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=961752"},{"reference_url":"https://security.archlinux.org/ASA-202006-1","reference_id":"ASA-202006-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-1"},{"reference_url":"https://security.archlinux.org/ASA-202006-4","reference_id":"ASA-202006-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-4"},{"reference_url":"https://security.archlinux.org/AVG-1173","reference_id":"AVG-1173","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1173"},{"reference_url":"https://security.archlinux.org/AVG-1179","reference_id":"AVG-1179","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1179"},{"reference_url":"https://security.gentoo.org/glsa/202007-49","reference_id":"GLSA-202007-49","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-49"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20","reference_id":"mfsa2020-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21","reference_id":"mfsa2020-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22","reference_id":"mfsa2020-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://usn.ubuntu.com/4383-1/","reference_id":"USN-4383-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4383-1/"},{"reference_url":"https://usn.ubuntu.com/4397-1/","reference_id":"USN-4397-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-1/"},{"reference_url":"https://usn.ubuntu.com/4397-2/","reference_id":"USN-4397-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4397-2/"},{"reference_url":"https://usn.ubuntu.com/4421-1/","reference_id":"USN-4421-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4421-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12399"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k2s2-zkua-8ydy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33641?format=json","vulnerability_id":"VCID-vjas-pry4-93cz","summary":"Multiple vulnerabilities have been found in Mozilla Firefox, the\n    worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-12402.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12402","reference_id":"","reference_type":"","scores":[{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28029","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28122","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28129","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28086","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28102","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28174","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28218","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00102","scoring_system":"epss","scoring_elements":"0.28079","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-12402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826231","reference_id":"1826231","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1826231"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152","reference_id":"963152","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=963152"},{"reference_url":"https://security.gentoo.org/glsa/202007-10","reference_id":"GLSA-202007-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202007-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24","reference_id":"mfsa2020-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29","reference_id":"mfsa2020-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3280","reference_id":"RHSA-2020:3280","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3280"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:4076","reference_id":"RHSA-2020:4076","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:4076"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0949","reference_id":"RHSA-2021:0949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0949"},{"reference_url":"https://usn.ubuntu.com/4417-1/","reference_id":"USN-4417-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4417-1/"},{"reference_url":"https://usn.ubuntu.com/4417-2/","reference_id":"USN-4417-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4417-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12402"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vjas-pry4-93cz"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31920?format=json","vulnerability_id":"VCID-vzb9-aeqz-hybr","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird,\n    the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-11745.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11745","reference_id":"","reference_type":"","scores":[{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74149","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74133","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74105","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74137","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74152","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74174","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74155","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74101","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00806","scoring_system":"epss","scoring_elements":"0.74107","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1774831","reference_id":"1774831","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1774831"},{"reference_url":"https://security.archlinux.org/ASA-201912-1","reference_id":"ASA-201912-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-1"},{"reference_url":"https://security.archlinux.org/ASA-201912-2","reference_id":"ASA-201912-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-2"},{"reference_url":"https://security.archlinux.org/AVG-1071","reference_id":"AVG-1071","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1071"},{"reference_url":"https://security.archlinux.org/AVG-1072","reference_id":"AVG-1072","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1072"},{"reference_url":"https://security.gentoo.org/glsa/202003-02","reference_id":"GLSA-202003-02","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-02"},{"reference_url":"https://security.gentoo.org/glsa/202003-10","reference_id":"GLSA-202003-10","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-10"},{"reference_url":"https://security.gentoo.org/glsa/202003-37","reference_id":"GLSA-202003-37","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202003-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36","reference_id":"mfsa2019-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37","reference_id":"mfsa2019-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38","reference_id":"mfsa2019-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4114","reference_id":"RHSA-2019:4114","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4114"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4152","reference_id":"RHSA-2019:4152","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4152"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:4190","reference_id":"RHSA-2019:4190","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:4190"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0243","reference_id":"RHSA-2020:0243","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0243"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0466","reference_id":"RHSA-2020:0466","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0466"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1267","reference_id":"RHSA-2020:1267","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1267"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1345","reference_id":"RHSA-2020:1345","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1345"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1461","reference_id":"RHSA-2020:1461","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1461"},{"reference_url":"https://usn.ubuntu.com/4203-1/","reference_id":"USN-4203-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4203-1/"},{"reference_url":"https://usn.ubuntu.com/4203-2/","reference_id":"USN-4203-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4203-2/"},{"reference_url":"https://usn.ubuntu.com/4216-1/","reference_id":"USN-4216-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4216-1/"},{"reference_url":"https://usn.ubuntu.com/4216-2/","reference_id":"USN-4216-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4216-2/"},{"reference_url":"https://usn.ubuntu.com/4241-1/","reference_id":"USN-4241-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4241-1/"},{"reference_url":"https://usn.ubuntu.com/4335-1/","reference_id":"USN-4335-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4335-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11745"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vzb9-aeqz-hybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82699?format=json","vulnerability_id":"VCID-x1ty-wqph-gkak","summary":"nss: Handling of Netscape Certificate Sequences in CERT_DecodeCertPackage() may crash with a NULL deref leading to DoS","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-17007.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17007","reference_id":"","reference_type":"","scores":[{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53893","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.5391","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53938","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53913","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53965","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53964","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.54011","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53994","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00308","scoring_system":"epss","scoring_elements":"0.53976","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17007"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703979","reference_id":"1703979","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1703979"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:1951","reference_id":"RHSA-2019:1951","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:1951"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2237","reference_id":"RHSA-2019:2237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2237"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0876","reference_id":"RHSA-2021:0876","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0876"},{"reference_url":"https://usn.ubuntu.com/4215-1/","reference_id":"USN-4215-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4215-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17007"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x1ty-wqph-gkak"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31168?format=json","vulnerability_id":"VCID-y43f-tmvr-hqas","summary":"Multiple vulnerabilities have been found in Mozilla Thunderbird, the worst of which could result in the arbitrary execution of code.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22747","reference_id":"","reference_type":"","scores":[{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32419","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32446","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32582","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32546","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32485","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.3248","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32406","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0013","scoring_system":"epss","scoring_elements":"0.32454","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039572","reference_id":"2039572","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2039572"},{"reference_url":"https://security.gentoo.org/glsa/202202-03","reference_id":"GLSA-202202-03","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202202-03"},{"reference_url":"https://security.gentoo.org/glsa/202208-14","reference_id":"GLSA-202208-14","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202208-14"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-01/","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-01/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-02/","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-02/"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"},{"reference_url":"https://www.mozilla.org/security/advisories/mfsa2022-03/","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://www.mozilla.org/security/advisories/mfsa2022-03/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0123","reference_id":"RHSA-2022:0123","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0123"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0124","reference_id":"RHSA-2022:0124","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0124"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0125","reference_id":"RHSA-2022:0125","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0125"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0126","reference_id":"RHSA-2022:0126","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0126"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0127","reference_id":"RHSA-2022:0127","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0127"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0128","reference_id":"RHSA-2022:0128","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0128"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0129","reference_id":"RHSA-2022:0129","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0129"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0130","reference_id":"RHSA-2022:0130","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0131","reference_id":"RHSA-2022:0131","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0131"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0132","reference_id":"RHSA-2022:0132","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0132"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735028","reference_id":"show_bug.cgi?id=1735028","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-16T15:04:07Z/"}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=1735028"},{"reference_url":"https://usn.ubuntu.com/5229-1/","reference_id":"USN-5229-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5229-1/"},{"reference_url":"https://usn.ubuntu.com/5246-1/","reference_id":"USN-5246-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5246-1/"},{"reference_url":"https://usn.ubuntu.com/5248-1/","reference_id":"USN-5248-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5248-1/"},{"reference_url":"https://usn.ubuntu.com/5506-1/","reference_id":"USN-5506-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5506-1/"},{"reference_url":"https://usn.ubuntu.com/5872-1/","reference_id":"USN-5872-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5872-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/994641?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2tts-gwgd-zqcz"},{"vulnerability":"VCID-3nrj-5r53-37ab"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-w794-gqex-83du"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2022-22747"],"risk_score":4.0,"exploitability":"0.5","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y43f-tmvr-hqas"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/82973?format=json","vulnerability_id":"VCID-ykkw-a6a1-43fe","summary":"nss: Cache side-channel variant of the Bleichenbacher attack","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12404.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-12404.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12404","reference_id":"","reference_type":"","scores":[{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94413","published_at":"2026-04-01T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.9442","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.9443","published_at":"2026-04-04T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94433","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94442","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94446","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94449","published_at":"2026-04-11T12:55:00Z"},{"value":"0.14501","scoring_system":"epss","scoring_elements":"0.94451","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-12404"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-12404"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1657913","reference_id":"1657913","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1657913"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2237","reference_id":"RHSA-2019:2237","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2237"},{"reference_url":"https://usn.ubuntu.com/3850-1/","reference_id":"USN-3850-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3850-1/"},{"reference_url":"https://usn.ubuntu.com/3850-2/","reference_id":"USN-3850-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3850-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037931?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2zrv-q4tb-wqeg"},{"vulnerability":"VCID-46cy-x3cp-tke5"},{"vulnerability":"VCID-6fvj-phnx-kfgs"},{"vulnerability":"VCID-7msj-wyd6-zkbe"},{"vulnerability":"VCID-8qtg-h4km-bfg2"},{"vulnerability":"VCID-cgvg-aj53-kkbp"},{"vulnerability":"VCID-ewe9-39b1-kba2"},{"vulnerability":"VCID-hs5f-21nx-gfeb"},{"vulnerability":"VCID-jrsz-ynp7-wbb2"},{"vulnerability":"VCID-k2s2-zkua-8ydy"},{"vulnerability":"VCID-k4a4-f1as-x3bj"},{"vulnerability":"VCID-mx8t-s47w-wud5"},{"vulnerability":"VCID-paez-g9wh-mfeq"},{"vulnerability":"VCID-rk7t-zjzg-eqar"},{"vulnerability":"VCID-szzk-wxm2-cfgj"},{"vulnerability":"VCID-vjas-pry4-93cz"},{"vulnerability":"VCID-vszp-vyxy-f7g7"},{"vulnerability":"VCID-vzb9-aeqz-hybr"},{"vulnerability":"VCID-w794-gqex-83du"},{"vulnerability":"VCID-wavp-f4kn-j3cm"},{"vulnerability":"VCID-x1ty-wqph-gkak"},{"vulnerability":"VCID-y43f-tmvr-hqas"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2018-12404"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ykkw-a6a1-43fe"}],"risk_score":"4.5","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}