{"url":"http://public2.vulnerablecode.io/api/packages/4084?format=json","purl":"pkg:deb/debian/nss@3.12.8-1%2Bsqueeze14","type":"deb","namespace":"debian","name":"nss","version":"3.12.8-1+squeeze14","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:3.61-1+deb11u3","latest_non_vulnerable_version":"2:3.61-1+deb11u3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1577?format=json","vulnerability_id":"VCID-1btz-x11h-wbe3","summary":"Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22","reference_id":"mfsa2019-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23","reference_id":"mfsa2019-23","reference_ty
pe":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1btz-x11h-wbe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1981?format=json","vulnerability_id":"VCID-2amq-1dpv-r7ce","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. 
This\naddresses several moderate to critical rated networking security issues. Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605","reference_id":"CVE-2013-5605","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a
1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-5605"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2amq-1dpv-r7ce"},{"url":"http://
public2.vulnerablecode.io/api/vulnerabilities/2105?format=json","vulnerability_id":"VCID-4gzd-m5g6-rbgm","summary":"Mozilla community member Ambroz Bizjak reported an\nout-of-bounds array read in the CERT_DecodeCertPackage function of\nthe Network Security Services (NSS) library when decoding a certificate. When\nthis occurs, it will lead to memory corruption and a non-exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791","reference_id":"CVE-2013-0791","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-40","reference_id":"mfsa2013-40","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-40"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-n
mpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"}],"aliases":["CVE-2013-0791"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gzd-m5g6-rbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2931?format=json","vulnerability_id":"VCID-7gkv-pu79-43hx","summary":"Security researcher Matthew Green reported a Diffie–Hellman\n(DHE) key processing issue in Network Security Services (NSS) where a\nman-in-the-middle (MITM) attacker can force a server to downgrade TLS\nconnections to 512-bit export-grade cryptography by modifying client\nrequests to include only export-grade cipher suites. The resulting\nweak key can then be leveraged to impersonate the server. 
This attack\nis detailed in the \"Imperfect Forward\nSecrecy: How Diffie-Hellman Fails in Practice\" paper and is known as the\n\"Logjam Attack.\" This issue was fixed in NSS version 3.19.1 by limiting the lower strength of\nsupported DHE keys to use 1023 bit primes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"",
"scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"",
"scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"CVE-2015-4000","refere
nce_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70","reference_id":"mfsa2015-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-4000"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2961?format=json","vulnerability_id":"VCID-81zk-xrsj-cufe","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where MD5 signatures in the server signature within the\nTLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has\nofficially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. 
This\nissue exposes NSS based clients such as Firefox to theoretical collision-based forgery\nattacks. This issue was fixed in NSS version 3.20.2.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.o
rg/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.o
rg/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"CVE-2015-7575","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150","reference_id":"mfsa2015-150","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"al
iases":["CVE-2015-7575"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3088?format=json","vulnerability_id":"VCID-9pxb-dcy9-gybh","summary":"Mozilla community member Watson Ladd reported that the\nimplementation of Elliptical Curve Cryptography (ECC) multiplication for\nElliptic Curve Digital Signature Algorithm (ECDSA) signature validation in\nNetwork Security Services (NSS) did not handle exceptional cases correctly. This\ncould potentially allow for signature forgery. This issue was fixed in NSS\nversion 3.19.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730","reference_id":"CVE-2015-2730","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64","reference_id":"mfsa2015-64","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulne
rability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-2730"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabil
ities/VCID-9pxb-dcy9-gybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=json","vulnerability_id":"VCID-9wc3-cjef-3ucq","summary":"Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"CVE-2016-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35","reference_id":"mfsa2016-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/pac
kages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1950"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1580?format=json","vulnerability_id":"VCID-9wkp-gr2p-kuda","summary":"When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22","reference_id":"mfsa2019-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23","reference_id":"mfsa2019-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elem
ents":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11719"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wkp-gr2p-kuda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/507?format=json","vulnerability_id":"VCID-aabg-akur-cyf3","summary":"During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. 
This can result in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805"},{"reference_url":"https://security.archlinux.org/ASA-201710-19","reference_id":"ASA-201710-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-19"},{"reference_url":"https://security.archlinux.org/AVG-441","reference_id":"AVG-441","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-441"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21","reference_id":"mfsa2017-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22","reference_id":"mfsa2017-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23","reference_id":"mfsa2017-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"
VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2017-7805"],"risk_score":n
ull,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aabg-akur-cyf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1151?format=json","vulnerability_id":"VCID-bw2w-68hs-3bcd","summary":"After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://security.archlinux.org/ASA-202001-1","reference_id":"ASA-202001-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202001-1"},{"reference_url":"https://security.archlinux.org/AVG-1084","reference_id":"AVG-1084","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1084"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01","reference_id":"mfsa2020-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.
org/en-US/security/advisories/mfsa2020-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17023"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bw2w-68hs-3bcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2773?format=json","vulnerability_id":"VCID-bzab-cse9-uudk","summary":"Mozilla developer Brian Smith and security researchers\nAntoine Delignat-Lavaud and Karthikeyan\nBhargavan of the Prosecco research team at INRIA Paris reported issues\nwith ticket handling in the Network Security Services (NSS) libraries. 
These\nhave been addressed in the NSS 3.15.4 release, shipping on affected platforms.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491","reference_id":"CVE-2014-1491","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12","reference_id":"mfsa2014-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnera
bility":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1491"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzab-cse9-uudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2000?format=json","vulnerability_id":"VCID-c6v9-maak-dyde","summary":"Mozilla 
developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code. In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739","reference_id":"CVE-2013-1739","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93","reference_id":"mfsa2013-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerabil
ity":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yj
yn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-1739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6v9-maak-dyde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2725?format=json","vulnerability_id":"VCID-ca9j-qrnm-eqc3","summary":"Antoine Delignat-Lavaud, security researcher at Inria Paris\nin team Prosecco, reported an issue in Network Security Services (NSS) libraries\naffecting all versions. He discovered that NSS is vulnerable to a variant of a\nsignature forgery attack previously published by Daniel Bleichenbacher. This is\ndue to lenient parsing of ASN.1 values involved in a signature and could lead to\nthe forging of RSA certificates. The Advanced Threat Research team at Intel Security also independently\ndiscovered and reported this issue. These have been addressed in the NSS releases shipping on affected 
Mozilla\nproducts:","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568","reference_id":"CVE-2014-1568","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-73","reference_id":"mfsa2014-73","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh
-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1568"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca9j-qrnm-eqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2910?format=json","vulnerability_id":"VCID-cjnx-d8j7-zqg3","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and 
buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"CVE-2015-7182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerabi
lity":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-7182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjnx-d8j7-zqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/581?format=json","vulnerability_id":"VCID-dj1s-kgfe-f7cm","summary":"A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue, and Firefox 53 has been updated with NSS version 3.29.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","refer
ence_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"
vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-5462"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj1s-kgfe-f7cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2763?format=json","vulnerability_id":"VCID-dvah-yevw-quhe","summary":"Security researcher  Christian Heimes reported that the Network Security\nServices (NSS) library does not handle IDNA domain prefixes according to RFC 6125 for wildcard\ncertificates. This leads to improper wildcard matching of domains when they\nshould not be matched in compliance with the specification. This issue was fixed\nin NSS version 3.16.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492","reference_id":"CVE-2014-1492","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-45","reference_id":"mfsa2014-45","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerabi
lity":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-p
hzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1492"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvah-yevw-quhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1922?format=json","vulnerability_id":"VCID-fam8-n44k-2qh7","summary":"Mozilla developer Tim Taubert used the Address Sanitizer tool and\nsoftware fuzzing to discover a use-after-free vulnerability while processing DER encoded\nkeys in the Network Security Services (NSS) libraries. The vulnerability overwrites the\nfreed memory with zeroes. 
This issue has been addressed in NSS 3.21.1, shipping in Firefox\n45.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979","reference_id":"CVE-2016-1979","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36","reference_id":"mfsa2016-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1979"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fam8-n44k-2qh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1884?format=json","vulnerability_id":"VCID-jj5f-y1h9-skcp","summary":"Mozilla has updated the version of Network Security Services\n(NSS) library used in Firefox to NSS 3.23. 
This addresses four moderate rated\nnetworking security issues reported by Mozilla engineers Tyson Smith and\nJed Davis.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834","reference_id":"CVE-2016-2834","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-61","reference_id":"mfsa2016-61","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-61"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-2834"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jj5f-y1h9-skcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1886?format=json","vulnerability_id":"VCID-jwzp-ucfg-wycd","summary":"Security researcher Hanno Böck reported that calculations with\nmp_div and mp_exptmod in Network Security Services (NSS) 
can\nproduce wrong results in some circumstances. These functions are used within NSS for a\nvariety of cryptographic division functions, leading to potential cryptographic\nweaknesses.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938","reference_id":"CVE-2016-1938","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-07","reference_id":"mfsa2016-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1938"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwzp-ucfg-wycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2772?format=json","vulnerability_id":"VCID-kn9n-dpkn-d7bu","summary":"Mozilla developer Brian Smith and security 
researchers\nAntoine Delignat-Lavaud and Karthikeyan\nBhargavan of the Prosecco research team at INRIA Paris reported issues\nwith ticket handling in the Network Security Services (NSS) libraries. These\nhave been addressed in the NSS 3.15.4 release, shipping on affected platforms.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490","reference_id":"CVE-2014-1490","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12","reference_id":"mfsa2014-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"V
CID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1490"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn9n-dpkn-d7bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1091?format=json","vulnerability_id":"VCID-kzju-7twc-fya8","summary":"NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?
name=CVE-2020-12406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410"},{"reference_url":"https://security.archlinux.org/ASA-202006-1","reference_id":"ASA-202006-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-1"},{"reference_url":"https://security.archlinux.org/ASA-202006-4","reference_id":"ASA-202006-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-4"},{"reference_url":"https://security.archlinux.org/AVG-1173","reference_id":"AVG-1173","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1173"},{"reference_url":"https://security.archlinux.org/AVG-1179","reference_id":"AVG-1179","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1179"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20","reference_id":"mfsa2020-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21","reference_id":"mfsa2020-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22","reference_id":"mfsa2020-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl
":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12399"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzju-7twc-fya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1170?format=json","vulnerability_id":"VCID-m314-1d92-fke4","summary":"When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. 
Given an electro-magnetic trace of a few signature generations, the private key could have been computed.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-6829"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m314-1d92-fke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2909?format=json","vulnerability_id":"VCID-mq7v-8uvq-5yeq","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. 
These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"CVE-2015-7181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-7181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2
.vulnerablecode.io/vulnerabilities/VCID-mq7v-8uvq-5yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1983?format=json","vulnerability_id":"VCID-nmpw-53d9-cqaj","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues. Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741","reference_id":"CVE-2013-1741","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnera
bility":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID
-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-1741"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmpw-53d9-cqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/554?format=json","vulnerability_id":"VCID-pa6e-373h-6ybr","summary":"An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to address this issue, and Firefox 53 has been updated with NSS version 3.29.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://security.archlinux.org/ASA-201704-4","reference_id":"ASA-201704-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-4"},{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/ASA-201705-21","reference_id":"ASA-201705-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-21"},{"refe
rence_url":"https://security.archlinux.org/AVG-247","reference_id":"AVG-247","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-247"},{"reference_url":"https://security.archlinux.org/AVG-248","reference_id":"AVG-248","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-248"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vu
lnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-5461"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa6e-373h-6ybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1171?format=json","vulnerability_id":"VCID-phzc-3ex9-4bf7","summary":"When converting coordinates from projective to affine, the modular inversion was not performed in 
constant time, resulting in a possible timing-based side channel attack.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12400"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phzc-3ex9-4bf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1169?format=json","vulnerability_id":"VCID-qpmv-44r5-tqby","summary":"During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret 
data.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12401"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpmv-44r5-tqby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1236?format=json","vulnerability_id":"VCID-rc8a-n1r3-v7a1","summary":"During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. 
We would like to thank Sohaib ul Hassan for contributing a fix for this issue as well. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24","reference_id":"mfsa2020-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29","reference_id":"mfsa2020-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID
-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12402"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc8a-n1r3-v7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1598?format=json","vulnerability_id":"VCID-rfpm-yp1s-y3ft","summary":"When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. 
This could have caused heap corruption and a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007"},{"reference_url":"https://security.archlinux.org/ASA-201912-1","reference_id":"ASA-201912-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-1"},{"reference_url":"https://security.archlinux.org/ASA-201912-2","reference_id":"ASA-201912-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-2"},{"reference_url":"https://security.archlinux.org/AVG-1071","reference_id":"AVG-1071","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1071"},{"reference_url":"https://security.archlinux.org/AVG-1072","reference_id":"AVG-1072","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1072"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36","reference_id":"mfsa2019-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37","reference_id":"mfsa2019-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38","reference_id":"mfsa20
19-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfpm-yp1s-y3ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1878?format=json","vulnerability_id":"VCID-s692-wjkg-xkfr","summary":"Mozilla developer  Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free 
vulnerability.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978","reference_id":"CVE-2016-1978","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-15","reference_id":"mfsa2016-15","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1978"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s692-wjkg-xkfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2945?format=json","vulnerability_id":"VCID-vct8-ur1y-63db","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where the client allows for a ECDHE_ECDSA\nexchange where the server does not send its ServerKeyExchange\nmessage instead of 
aborting the handshake. Instead, the NSS client will take the\nEC key from the ECDSA certificate. This violates the TLS protocol and also has\nsome security implications for forward secrecy. In this situation, the browser\nthinks it is engaged in an ECDHE exchange, but has been silently downgraded to a\nnon-forward secret mixed-ECDH exchange instead. As a result, if False\nStart is enabled, the browser will start sending data encrypted under\nthese non-forward-secret connection keys. This issue was fixed in NSS version\n3.19.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"CVE-2015-2721","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71","reference_id":"mfsa2015-71","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{
"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-2721"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vct8-ur1y-63db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1840?format=json","vulnerability_id":"VCID-wfu5-qgs8-13ht","summa
ry":"After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is believed to be unexploitable.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CV
E-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnera
bility":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2022-22747"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfu5-qgs8-13ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=json","vulnerability_id":"VCID-wh5f-gkuv-q3ep","summary":"Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441","reference_id":"CVE-2012-0441","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39","reference_id":"mfsa2012-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw
2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"}],"aliases":["CVE-2012-0441"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wh5f-gkuv-q3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/234?format=json","vulnerability_id":"VCID-x4x5-44xh-6uat","summary":"An existing mitigation of timing side-channel attacks is insufficient in some circumstances. 
This issue is addressed in Network Security Services (NSS) 3.26.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"ht
tps://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2016-9074"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4x5-44xh-6uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1637?format=json","vulnerability_id":"VCID-xavu-ygkk-u3fn","summary":"A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. 
PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11727"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xavu-ygkk-u3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1982?format=json","vulnerability_id":"VCID-xg2b-zzbj-juds","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 
with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues. Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606","reference_id":"CVE-2013-5606","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9
-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-5606"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"ht
tp://public2.vulnerablecode.io/vulnerabilities/VCID-xg2b-zzbj-juds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1277?format=json","vulnerability_id":"VCID-yjyn-kpq2-qkb7","summary":"NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527"},{"reference_url":"https://security.archlinux.org/ASA-202112-3","reference_id":"ASA-202112-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-3"},{"reference_url":"https://security.archlinux.org/ASA-202112-4","reference_id":"ASA-202112-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-4"},{"reference_url":"https://security.archlinux.org/AVG-2596","reference_id":"AVG-2596","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2596"},{"reference_url":"https://security.archlinux.org/AVG-2597","reference_id":"AVG-2597","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2597"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51","reference_id":"mfsa20
21-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2021-43527"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjyn-kpq2-qkb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2714?format=json","vulnerability_id":"VCID-znh3-rqwe-8ke3","summary":"Security researchers Tyson Smith and Jesse\nSchwartzentruber used the Address Sanitizer tool while fuzzing to\ndiscover a use-after-free error resulting in a crash. This is a result of a pair\nof NSSCertificate structures being added to a trust domain and then\none of them is removed while they are still in use by the trusted cache. 
This\ncrash is potentially exploitable.\nThis issue was addressed in the Network Security Services (NSS) library in version 3.16.2, \nshipping on affected platforms. In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544","reference_id":"CVE-2014-1544","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-63","reference_id":"mfsa2014-63","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h
-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1544"],"risk_score":null,"exploitability":null,"we
ighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znh3-rqwe-8ke3"}],"fixing_vulnerabilities":[],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@3.12.8-1%252Bsqueeze14"}