{"url":"http://public2.vulnerablecode.io/api/packages/119602?format=json","purl":"pkg:deb/debian/nss@3.13?distro=trixie","type":"deb","namespace":"debian","name":"nss","version":"3.13","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.13.1.with.ckbi.1.88-1","latest_non_vulnerable_version":"2:3.124-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95456?format=json","vulnerability_id":"VCID-bvny-ts8d-7fcy","summary":"The SSLv2 protocol, as used in OpenSSL before 1.0.1s and 1.0.2 before 1.0.2g and other products, requires a server to send a ServerVerify message before establishing that a client possesses certain plaintext RSA data, which makes it easier for remote attackers to decrypt TLS ciphertext data by leveraging a Bleichenbacher RSA padding oracle, aka a \"DROWN\" attack.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0800.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0800.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0800","reference_id":"","reference_type":"","scores":[{"value":"0.90348","scoring_system":"epss","scoring_elements":"0.99617","published_at":"2026-06-08T12:55:00Z"},{"value":"0.90348","scoring_system":"epss","scoring_elements":"0.99618","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0800"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0800"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310593","reference_id":"1310593","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1310593"},{"reference_url":"https://security.gentoo.org/glsa/201603-15","reference_id":"GLSA-201603-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201603-15"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0301","reference_id":"RHSA-2016:0301","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0301"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0302","reference_id":"RHSA-2016:0302","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0302"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0303","reference_id":"RHSA-2016:0303","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0303"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0304","reference_id":"RHSA-2016:0304","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0304"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0305","reference_id":"RHSA-2016:0305","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0305"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0306","reference_id":"RHSA-2016:0306","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0306"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0372","reference_id":"RHSA-2016:0372","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0372"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0379","reference_id":"RHSA-2016:0379","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0379"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0445","reference_id":"RHSA-2016:0445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0446","reference_id":"RHSA-2016:0446","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0446"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:0490","reference_id":"RHSA-2016:0490","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:0490"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1519","reference_id":"RHSA-2016:1519","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1519"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119602?format=json","purl":"pkg:deb/debian/nss@3.13?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@3.13%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119566?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119564?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ckmw-656v-byhx"},{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119569?format=json","purl":"pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.110-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119567?format=json","purl":"pkg:deb/debian/nss@2:3.124-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.124-1%3Fdistro=trixie"}],"aliases":["CVE-2016-0800"],"risk_score":1.6,"exploitability":"2.0","weighted_severity":"0.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bvny-ts8d-7fcy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@3.13%3Fdistro=trixie"}