{"url":"http://public2.vulnerablecode.io/api/packages/119608?format=json","purl":"pkg:deb/debian/nss@2:3.25-1?distro=trixie","type":"deb","namespace":"debian","name":"nss","version":"2:3.25-1","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2:3.26.2-1","latest_non_vulnerable_version":"2:3.124-1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95460?format=json","vulnerability_id":"VCID-7sdg-5m78-tufe","summary":"It was found that Diffie Hellman Client key exchange handling in NSS 3.21.x was vulnerable to small subgroup confinement attack. An attacker could use this flaw to recover private keys by confining the client DH key to small subgroup of the desired group.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8635.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-8635.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8635","reference_id":"","reference_type":"","scores":[{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61966","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62015","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.61995","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62022","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00415","scoring_system":"epss","scoring_elements":"0.62011","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-8635"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-8635"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391818","reference_id":"1391818","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1391818"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2779","reference_id":"RHSA-2016:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2779"},{"reference_url":"https://usn.ubuntu.com/3163-1/","reference_id":"USN-3163-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3163-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119608?format=json","purl":"pkg:deb/debian/nss@2:3.25-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.25-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119566?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119564?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ckmw-656v-byhx"},{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119569?format=json","purl":"pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.110-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119567?format=json","purl":"pkg:deb/debian/nss@2:3.124-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.124-1%3Fdistro=trixie"}],"aliases":["CVE-2016-8635"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7sdg-5m78-tufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95463?format=json","vulnerability_id":"VCID-j4yk-bd5w-6qed","summary":"nss before version 3.30 is vulnerable to a remote denial of service during the session handshake when using SessionTicket extension and ECDHE-ECDSA.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9574.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9574.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9574","reference_id":"","reference_type":"","scores":[{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39922","published_at":"2026-06-04T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40004","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.40007","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39979","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.39952","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00184","scoring_system":"epss","scoring_elements":"0.3997","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-9574"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9574"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404568","reference_id":"1404568","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1404568"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119608?format=json","purl":"pkg:deb/debian/nss@2:3.25-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.25-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119566?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119564?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ckmw-656v-byhx"},{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119569?format=json","purl":"pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.110-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119567?format=json","purl":"pkg:deb/debian/nss@2:3.124-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.124-1%3Fdistro=trixie"}],"aliases":["CVE-2016-9574"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-j4yk-bd5w-6qed"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/95459?format=json","vulnerability_id":"VCID-sg19-pqwc-aqa4","summary":"A Null pointer dereference vulnerability exists in Mozilla Network Security Services due to a missing NULL check in PK11_SignWithSymKey / ssl3_ComputeRecordMACConstantTime, which could let a remote malicious user cause a Denial of Service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5285.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-5285.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5285","reference_id":"","reference_type":"","scores":[{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82202","published_at":"2026-06-04T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82231","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82232","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82233","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.82227","published_at":"2026-06-08T12:55:00Z"},{"value":"0.01626","scoring_system":"epss","scoring_elements":"0.8224","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5285"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5285"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:C"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383883","reference_id":"1383883","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1383883"},{"reference_url":"https://security.gentoo.org/glsa/201701-46","reference_id":"GLSA-201701-46","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-46"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:2779","reference_id":"RHSA-2016:2779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:2779"},{"reference_url":"https://usn.ubuntu.com/3163-1/","reference_id":"USN-3163-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3163-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/119608?format=json","purl":"pkg:deb/debian/nss@2:3.25-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.25-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119566?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119564?format=json","purl":"pkg:deb/debian/nss@2:3.87.1-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-ckmw-656v-byhx"},{"vulnerability":"VCID-e9n9-xud9-dkgv"},{"vulnerability":"VCID-je5a-edxm-rybv"},{"vulnerability":"VCID-wjka-dkr1-m7eu"},{"vulnerability":"VCID-yasd-f1n9-sbew"},{"vulnerability":"VCID-ybek-h33z-v7dr"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.87.1-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119569?format=json","purl":"pkg:deb/debian/nss@2:3.110-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.110-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/119567?format=json","purl":"pkg:deb/debian/nss@2:3.124-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.124-1%3Fdistro=trixie"}],"aliases":["CVE-2016-5285"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sg19-pqwc-aqa4"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.25-1%3Fdistro=trixie"}