{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","type":"deb","namespace":"debian","name":"nss","version":"2:3.14.5-1+deb7u5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2:3.61-1+deb11u3","latest_non_vulnerable_version":"2:3.61-1+deb11u3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1577?format=json","vulnerability_id":"VCID-1btz-x11h-wbe3","summary":"Empty or malformed p256-ECDH public keys may trigger a segmentation fault due values being improperly sanitized before being copied into memory and used.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22","reference_id":"mfsa2019-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23","reference_id":"mfsa2019-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1btz-x11h-wbe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1981?format=json","vulnerability_id":"VCID-2amq-1dpv-r7ce","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605","reference_id":"CVE-2013-5605","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-5605"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2amq-1dpv-r7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2931?format=json","vulnerability_id":"VCID-7gkv-pu79-43hx","summary":"Security researcher Matthew Green reported a Diffie–Hellman\n(DHE) key processing issue in Network Security Services (NSS) where a\nman-in-the-middle (MITM) attacker can force a server to downgrade TLS\nconnections to 512-bit export-grade cryptography by modifying client\nrequests to include only export-grade cipher suites. The resulting\nweak key can then be leveraged to impersonate the server. This attack\nis detailed in the \"Imperfect Forward\nSecrecy: How Diffie-Hellman Fails in Practice\" paper and is known as the\n\"Logjam Attack.\"This issue was fixed in NSS version 3.19.1 by limiting the lower strength of\nsupported DHE keys to use 1023 bit primes.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8176"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8873"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0460"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0469"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0470"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0477"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0478"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0480"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0488"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1788"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1789"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1790"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1791"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1792"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2590"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2601"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2613"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2621"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2625"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2628"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2632"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2808"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4731"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4732"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4733"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4749"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4760"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000","reference_id":"CVE-2015-4000","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4000"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70","reference_id":"mfsa2015-70","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-70"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-4000"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7gkv-pu79-43hx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2961?format=json","vulnerability_id":"VCID-81zk-xrsj-cufe","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where MD5 signatures in the server signature within the\nTLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has\nofficially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This\nissues exposes NSS based clients such as Firefox to theoretical collision-based forgery\nattacks. This issue was fixed in NSS version 3.20.2.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"CVE-2015-7575","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150","reference_id":"mfsa2015-150","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-7575"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3088?format=json","vulnerability_id":"VCID-9pxb-dcy9-gybh","summary":"Mozilla community member Watson Ladd reported that the\nimplementation of Elliptical Curve Cryptography (ECC) multiplication for\nElliptic Curve Digital Signature Algorithm (ECDSA) signature validation in\nNetwork Security Services (NSS) did not handle exceptional cases correctly. This\ncould potentially allow for signature forgery. This issue was fixed in NSS\nversion 3.19.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730","reference_id":"CVE-2015-2730","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64","reference_id":"mfsa2015-64","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-2730"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9pxb-dcy9-gybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1959?format=json","vulnerability_id":"VCID-9wc3-cjef-3ucq","summary":"Security researcher Francis Gabriel of Quarkslab reported a heap-based\nbuffer overflow in the way the Network Security Services (NSS) libraries parsed certain\nASN.1 structures. An attacker could create a specially-crafted certificate which, when\nparsed by NSS, would cause it to crash or execute arbitrary code with the permissions of\nthe user.\nThis issue has been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950","reference_id":"CVE-2016-1950","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1950"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35","reference_id":"mfsa2016-35","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-35"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1950"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wc3-cjef-3ucq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1580?format=json","vulnerability_id":"VCID-9wkp-gr2p-kuda","summary":"When importing a curve25519 private key in PKCS#8format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. This could lead to information disclosure.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22","reference_id":"mfsa2019-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23","reference_id":"mfsa2019-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-23"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11719"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9wkp-gr2p-kuda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/507?format=json","vulnerability_id":"VCID-aabg-akur-cyf3","summary":"During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. This can result in a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805"},{"reference_url":"https://security.archlinux.org/ASA-201710-19","reference_id":"ASA-201710-19","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201710-19"},{"reference_url":"https://security.archlinux.org/AVG-441","reference_id":"AVG-441","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-441"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21","reference_id":"mfsa2017-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22","reference_id":"mfsa2017-22","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-22"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23","reference_id":"mfsa2017-23","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-23"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"},{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2017-7805"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-aabg-akur-cyf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1151?format=json","vulnerability_id":"VCID-bw2w-68hs-3bcd","summary":"After a HelloRetryRequest has been sent, the client may negotiate a lower protocol that TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://security.archlinux.org/ASA-202001-1","reference_id":"ASA-202001-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202001-1"},{"reference_url":"https://security.archlinux.org/AVG-1084","reference_id":"AVG-1084","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1084"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01","reference_id":"mfsa2020-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-01"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-17023"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bw2w-68hs-3bcd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2773?format=json","vulnerability_id":"VCID-bzab-cse9-uudk","summary":"Mozilla developer Brian Smith and security researchers\nAntoine Delignat-Lavaud and Karthikeyan\nBhargavan of the Prosecco research team at INRIA Paris reported issues\nwith ticket handling in the Network Security Services (NSS) libraries. These\nhave been addressed in the NSS 3.15.4 release, shipping on affected platforms.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491","reference_id":"CVE-2014-1491","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12","reference_id":"mfsa2014-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1491"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzab-cse9-uudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2000?format=json","vulnerability_id":"VCID-c6v9-maak-dyde","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739","reference_id":"CVE-2013-1739","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93","reference_id":"mfsa2013-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-1739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6v9-maak-dyde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2725?format=json","vulnerability_id":"VCID-ca9j-qrnm-eqc3","summary":"Antoine Delignat-Lavaud, security researcher at Inria Paris\nin team Prosecco, reported an issue in Network Security Services (NSS) libraries\naffecting all versions. He discovered that NSS is vulnerable to a variant of a\nsignature forgery attack previously published by Daniel Bleichenbacher. This is\ndue to lenient parsing of ASN.1 values involved in a signature and could lead to\nthe forging of RSA certificates.The Advanced Threat Research team at Intel Security also independently\ndiscovered and reported this issue.These have been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568","reference_id":"CVE-2014-1568","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-73","reference_id":"mfsa2014-73","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1568"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca9j-qrnm-eqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2910?format=json","vulnerability_id":"VCID-cjnx-d8j7-zqg3","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182","reference_id":"CVE-2015-7182","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7182"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-7182"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjnx-d8j7-zqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/581?format=json","vulnerability_id":"VCID-dj1s-kgfe-f7cm","summary":"A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-5462"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj1s-kgfe-f7cm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2763?format=json","vulnerability_id":"VCID-dvah-yevw-quhe","summary":"Security researcher  Christian Heimes reported that the Network Security\nServices (NSS) library does not handle IDNA domain prefixes according to RFC 6125 for wildcard\ncertificates. This leads to improper wildcard matching of domains when they\nshould not be matched in compliance with the specification. This issue was fixed\nin NSS version 3.16.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492","reference_id":"CVE-2014-1492","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-45","reference_id":"mfsa2014-45","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1492"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvah-yevw-quhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1922?format=json","vulnerability_id":"VCID-fam8-n44k-2qh7","summary":"Mozilla developer Tim Taubert used the Address Sanitizer tool and\nsoftware fuzzing to discover a use-after-free vulnerability while processing DER encoded\nkeys in the Network Security Services (NSS) libraries. The vulnerability overwrites the\nfreed memory with zeroes. This issue has been addressed in NSS 3.21.1, shipping in Firefox\n45.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979","reference_id":"CVE-2016-1979","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1979"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36","reference_id":"mfsa2016-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-36"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1979"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fam8-n44k-2qh7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1884?format=json","vulnerability_id":"VCID-jj5f-y1h9-skcp","summary":"Mozilla has updated the version of Network Security Services\n(NSS) library used in Firefox to NSS 3.23. This addresses four moderate rated\nnetworking security issues reported by Mozilla engineers Tyson Smith and\nJed Davis.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834","reference_id":"CVE-2016-2834","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-2834"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-61","reference_id":"mfsa2016-61","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-61"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-2834"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jj5f-y1h9-skcp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1886?format=json","vulnerability_id":"VCID-jwzp-ucfg-wycd","summary":"Security researcher Hanno Böck reported that calculations with\nmp_div and mp_exptmod in Network Security Services (NSS) can\nproduce wrong results in some circumstances. These functions are used within NSS for a\nvariety of cryptographic division functions, leading to potential cryptographic\nweaknesses.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938","reference_id":"CVE-2016-1938","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1938"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-07","reference_id":"mfsa2016-07","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1938"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jwzp-ucfg-wycd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2772?format=json","vulnerability_id":"VCID-kn9n-dpkn-d7bu","summary":"Mozilla developer Brian Smith and security researchers\nAntoine Delignat-Lavaud and Karthikeyan\nBhargavan of the Prosecco research team at INRIA Paris reported issues\nwith ticket handling in the Network Security Services (NSS) libraries. These\nhave been addressed in the NSS 3.15.4 release, shipping on affected platforms.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490","reference_id":"CVE-2014-1490","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1490"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12","reference_id":"mfsa2014-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1490"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kn9n-dpkn-d7bu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1091?format=json","vulnerability_id":"VCID-kzju-7twc-fya8","summary":"NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410"},{"reference_url":"https://security.archlinux.org/ASA-202006-1","reference_id":"ASA-202006-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-1"},{"reference_url":"https://security.archlinux.org/ASA-202006-4","reference_id":"ASA-202006-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-4"},{"reference_url":"https://security.archlinux.org/AVG-1173","reference_id":"AVG-1173","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1173"},{"reference_url":"https://security.archlinux.org/AVG-1179","reference_id":"AVG-1179","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1179"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20","reference_id":"mfsa2020-20","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-20"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21","reference_id":"mfsa2020-21","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22","reference_id":"mfsa2020-22","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12399"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kzju-7twc-fya8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1170?format=json","vulnerability_id":"VCID-m314-1d92-fke4","summary":"When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. Given an electro-magnetic trace of a few signature generations, the private key could have been computed.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-6829"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m314-1d92-fke4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2909?format=json","vulnerability_id":"VCID-mq7v-8uvq-5yeq","summary":"Mozilla engineers Tyson Smith and David Keeler\nreported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security\nServices (NSS). These issues were in octet string parsing and were found through fuzzing\nand code inspection. If these issues were triggered, they would lead to a potentially\nexploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in\nFirefox and Firefox ESR, respectively, as well as NSS 3.20.1.Google security engineer Ryan Sleevi reported an integer overflow in\nthe Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.\nThis leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181","reference_id":"CVE-2015-7181","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7181"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133","reference_id":"mfsa2015-133","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-7181"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mq7v-8uvq-5yeq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1983?format=json","vulnerability_id":"VCID-nmpw-53d9-cqaj","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741","reference_id":"CVE-2013-1741","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-1741"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmpw-53d9-cqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/554?format=json","vulnerability_id":"VCID-pa6e-373h-6ybr","summary":"An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502"},{"reference_url":"https://security.archlinux.org/ASA-201704-4","reference_id":"ASA-201704-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-4"},{"reference_url":"https://security.archlinux.org/ASA-201704-6","reference_id":"ASA-201704-6","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201704-6"},{"reference_url":"https://security.archlinux.org/ASA-201705-21","reference_id":"ASA-201705-21","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201705-21"},{"reference_url":"https://security.archlinux.org/AVG-247","reference_id":"AVG-247","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-247"},{"reference_url":"https://security.archlinux.org/AVG-248","reference_id":"AVG-248","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-248"},{"reference_url":"https://security.archlinux.org/AVG-249","reference_id":"AVG-249","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-249"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10","reference_id":"mfsa2017-10","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-10"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11","reference_id":"mfsa2017-11","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-11"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12","reference_id":"mfsa2017-12","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-12"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13","reference_id":"mfsa2017-13","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2017-13"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"},{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2017-5461"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pa6e-373h-6ybr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1171?format=json","vulnerability_id":"VCID-phzc-3ex9-4bf7","summary":"When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12400"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-phzc-3ex9-4bf7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1169?format=json","vulnerability_id":"VCID-qpmv-44r5-tqby","summary":"During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36","reference_id":"mfsa2020-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39","reference_id":"mfsa2020-39","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12401"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpmv-44r5-tqby"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1236?format=json","vulnerability_id":"VCID-rc8a-n1r3-v7a1","summary":"During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. We would like to thank Sohaib ul Hassan for contributing a fix for this issue as well.*Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24","reference_id":"mfsa2020-24","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-24"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29","reference_id":"mfsa2020-29","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2020-29"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2020-12402"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rc8a-n1r3-v7a1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1598?format=json","vulnerability_id":"VCID-rfpm-yp1s-y3ft","summary":"When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. This could have caused heap corruption and a potentially exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007"},{"reference_url":"https://security.archlinux.org/ASA-201912-1","reference_id":"ASA-201912-1","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-1"},{"reference_url":"https://security.archlinux.org/ASA-201912-2","reference_id":"ASA-201912-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201912-2"},{"reference_url":"https://security.archlinux.org/AVG-1071","reference_id":"AVG-1071","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1071"},{"reference_url":"https://security.archlinux.org/AVG-1072","reference_id":"AVG-1072","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1072"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36","reference_id":"mfsa2019-36","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-36"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37","reference_id":"mfsa2019-37","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38","reference_id":"mfsa2019-38","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-38"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"},{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11745"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rfpm-yp1s-y3ft"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1878?format=json","vulnerability_id":"VCID-s692-wjkg-xkfr","summary":"Mozilla developer  Eric Rescorla reported that a failed allocation during DHE and ECDHE handshakes would lead to a use-after-free vulnerability.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978","reference_id":"CVE-2016-1978","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1978"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-15","reference_id":"mfsa2016-15","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-15"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2016-1978"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s692-wjkg-xkfr"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2945?format=json","vulnerability_id":"VCID-vct8-ur1y-63db","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where the client allows for a ECDHE_ECDSA\nexchange where the server does not send its ServerKeyExchange\nmessage instead of aborting the handshake. Instead, the NSS client will take the\nEC key from the ECDSA certificate. This violates the TLS protocol and also has\nsome security implications for forward secrecy. In this situation, the browser\nthinks it is engaged in an ECDHE exchange, but has been silently downgraded to a\nnon-forward secret mixed-ECDH exchange instead. As a result, if False\nStart is enabled, the browser will start sending data encrypted under\nthese non-forward-secret connection keys. This issue was fixed in NSS version\n3.19.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"CVE-2015-2721","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71","reference_id":"mfsa2015-71","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-2721"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vct8-ur1y-63db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1840?format=json","vulnerability_id":"VCID-wfu5-qgs8-13ht","summary":"After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have lead to a crash. This crash is believed to be unexploitable.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01","reference_id":"mfsa2022-01","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-01"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02","reference_id":"mfsa2022-02","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-02"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03","reference_id":"mfsa2022-03","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2022-03"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2022-22747"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wfu5-qgs8-13ht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/234?format=json","vulnerability_id":"VCID-x4x5-44xh-6uat","summary":"An existing mitigation of timing side-channel attacks is insufficient in some circumstances. This issue is addressed in Network Security Services (NSS) 3.26.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89","reference_id":"mfsa2016-89","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-89"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90","reference_id":"mfsa2016-90","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-90"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93","reference_id":"mfsa2016-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2016-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5017?format=json","purl":"pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1"}],"aliases":["CVE-2016-9074"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x4x5-44xh-6uat"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1637?format=json","vulnerability_id":"VCID-xavu-ygkk-u3fn","summary":"A vulnerability exists where it possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727"},{"reference_url":"https://security.archlinux.org/ASA-201907-4","reference_id":"ASA-201907-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201907-4"},{"reference_url":"https://security.archlinux.org/AVG-1002","reference_id":"AVG-1002","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1002"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21","reference_id":"mfsa2019-21","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-21"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28","reference_id":"mfsa2019-28","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5855?format=json","purl":"pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3"}],"aliases":["CVE-2019-11727"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xavu-ygkk-u3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1982?format=json","vulnerability_id":"VCID-xg2b-zzbj-juds","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606","reference_id":"CVE-2013-5606","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-5606"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg2b-zzbj-juds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1277?format=json","vulnerability_id":"VCID-yjyn-kpq2-qkb7","summary":"NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. *Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527"},{"reference_url":"https://security.archlinux.org/ASA-202112-3","reference_id":"ASA-202112-3","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-3"},{"reference_url":"https://security.archlinux.org/ASA-202112-4","reference_id":"ASA-202112-4","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202112-4"},{"reference_url":"https://security.archlinux.org/AVG-2596","reference_id":"AVG-2596","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2596"},{"reference_url":"https://security.archlinux.org/AVG-2597","reference_id":"AVG-2597","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2597"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51","reference_id":"mfsa2021-51","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2021-51"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5252?format=json","purl":"pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-xavu-ygkk-u3fn"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5"}],"aliases":["CVE-2021-43527"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yjyn-kpq2-qkb7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2714?format=json","vulnerability_id":"VCID-znh3-rqwe-8ke3","summary":"Security researchers Tyson Smith and Jesse\nSchwartzentruber used the Address Sanitizer tool while fuzzing to\ndiscover a use-after-free error resulting in a crash. This is a result of a pair\nof NSSCertificate structures being added to a trust domain and then\none of them is removed while they are still in use by the trusted cache. This\ncrash is potentially exploitable.\nThis issue was addressed in the Network Security Services (NSS) library in version 3.16.2, \nshipping on affected platforms.In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544","reference_id":"CVE-2014-1544","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-63","reference_id":"mfsa2014-63","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1544"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znh3-rqwe-8ke3"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1981?format=json","vulnerability_id":"VCID-2amq-1dpv-r7ce","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605","reference_id":"CVE-2013-5605","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5605"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-5605"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-2amq-1dpv-r7ce"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2105?format=json","vulnerability_id":"VCID-4gzd-m5g6-rbgm","summary":"Mozilla community member Ambroz Bizjak reported an\nout-of-bounds array read in the CERT_DecodeCertPackage function of\nthe Network Security Services (NSS) library when decoding a certificate. When\nthis occurs, it will lead to memory corruption and a non-exploitable crash.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791","reference_id":"CVE-2013-0791","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0791"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-40","reference_id":"mfsa2013-40","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-40"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"}],"aliases":["CVE-2013-0791"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4gzd-m5g6-rbgm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3088?format=json","vulnerability_id":"VCID-9pxb-dcy9-gybh","summary":"Mozilla community member Watson Ladd reported that the\nimplementation of Elliptical Curve Cryptography (ECC) multiplication for\nElliptic Curve Digital Signature Algorithm (ECDSA) signature validation in\nNetwork Security Services (NSS) did not handle exceptional cases correctly. This\ncould potentially allow for signature forgery. This issue was fixed in NSS\nversion 3.19.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730","reference_id":"CVE-2015-2730","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2730"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64","reference_id":"mfsa2015-64","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-64"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-2730"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9pxb-dcy9-gybh"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2773?format=json","vulnerability_id":"VCID-bzab-cse9-uudk","summary":"Mozilla developer Brian Smith and security researchers\nAntoine Delignat-Lavaud and Karthikeyan\nBhargavan of the Prosecco research team at INRIA Paris reported issues\nwith ticket handling in the Network Security Services (NSS) libraries. These\nhave been addressed in the NSS 3.15.4 release, shipping on affected platforms.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491","reference_id":"CVE-2014-1491","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1491"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12","reference_id":"mfsa2014-12","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-12"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1491"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bzab-cse9-uudk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2000?format=json","vulnerability_id":"VCID-c6v9-maak-dyde","summary":"Mozilla developers identified and fixed several memory safety bugs in the\nbrowser engine used in Firefox and other Mozilla-based products. Some of these\nbugs showed evidence of memory corruption under certain circumstances, and we\npresume that with enough effort at least some of these could be exploited to run\narbitrary code.In general these flaws cannot be exploited through email in the\nThunderbird and Seamonkey products because scripting is disabled, but are\npotentially a risk in browser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739","reference_id":"CVE-2013-1739","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1739"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93","reference_id":"mfsa2013-93","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-93"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-1739"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c6v9-maak-dyde"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2725?format=json","vulnerability_id":"VCID-ca9j-qrnm-eqc3","summary":"Antoine Delignat-Lavaud, security researcher at Inria Paris\nin team Prosecco, reported an issue in Network Security Services (NSS) libraries\naffecting all versions. He discovered that NSS is vulnerable to a variant of a\nsignature forgery attack previously published by Daniel Bleichenbacher. This is\ndue to lenient parsing of ASN.1 values involved in a signature and could lead to\nthe forging of RSA certificates.The Advanced Threat Research team at Intel Security also independently\ndiscovered and reported this issue.These have been addressed in the NSS releases shipping on affected Mozilla\nproducts:","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568","reference_id":"CVE-2014-1568","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1568"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-73","reference_id":"mfsa2014-73","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-73"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1568"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ca9j-qrnm-eqc3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2763?format=json","vulnerability_id":"VCID-dvah-yevw-quhe","summary":"Security researcher  Christian Heimes reported that the Network Security\nServices (NSS) library does not handle IDNA domain prefixes according to RFC 6125 for wildcard\ncertificates. This leads to improper wildcard matching of domains when they\nshould not be matched in compliance with the specification. This issue was fixed\nin NSS version 3.16.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492","reference_id":"CVE-2014-1492","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1492"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-45","reference_id":"mfsa2014-45","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-45"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1492"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dvah-yevw-quhe"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1983?format=json","vulnerability_id":"VCID-nmpw-53d9-cqaj","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741","reference_id":"CVE-2013-1741","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1741"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-1741"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nmpw-53d9-cqaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2945?format=json","vulnerability_id":"VCID-vct8-ur1y-63db","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where the client allows for a ECDHE_ECDSA\nexchange where the server does not send its ServerKeyExchange\nmessage instead of aborting the handshake. Instead, the NSS client will take the\nEC key from the ECDSA certificate. This violates the TLS protocol and also has\nsome security implications for forward secrecy. In this situation, the browser\nthinks it is engaged in an ECDHE exchange, but has been silently downgraded to a\nnon-forward secret mixed-ECDH exchange instead. As a result, if False\nStart is enabled, the browser will start sending data encrypted under\nthese non-forward-secret connection keys. This issue was fixed in NSS version\n3.19.1.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721","reference_id":"CVE-2015-2721","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2721"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71","reference_id":"mfsa2015-71","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-71"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4280?format=json","purl":"pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3"}],"aliases":["CVE-2015-2721"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vct8-ur1y-63db"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2329?format=json","vulnerability_id":"VCID-wh5f-gkuv-q3ep","summary":"Security researcher Kaspar Brand found a flaw in how the\nNetwork Security Services (NSS) ASN.1 decoder handles zero length items. Effects\nof this issue depend on the field. One known symptom is an unexploitable crash\nin handling OCSP responses. NSS also mishandles zero-length basic constraints,\nassuming default values for some types that should be rejected as malformed.\nThese issues have been addressed in NSS 3.13.4, which is now being used by\nMozilla.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441","reference_id":"CVE-2012-0441","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0441"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39","reference_id":"mfsa2012-39","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2012-39"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"}],"aliases":["CVE-2012-0441"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wh5f-gkuv-q3ep"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/1982?format=json","vulnerability_id":"VCID-xg2b-zzbj-juds","summary":"Mozilla has updated the version of Network Security\nServices (NSS) library used in Mozilla projects to NSS 3.15.3 with the\nexception of ESR17-based releases, which have been updated to NSS 3.14.5. This\naddresses several moderate to critical rated networking security issues.Google developer Andrew Tinits reported a potentially\nexploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS\n3.14.5.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606","reference_id":"CVE-2013-5606","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5606"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103","reference_id":"mfsa2013-103","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2013-103"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2013-5606"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xg2b-zzbj-juds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2714?format=json","vulnerability_id":"VCID-znh3-rqwe-8ke3","summary":"Security researchers Tyson Smith and Jesse\nSchwartzentruber used the Address Sanitizer tool while fuzzing to\ndiscover a use-after-free error resulting in a crash. This is a result of a pair\nof NSSCertificate structures being added to a trust domain and then\none of them is removed while they are still in use by the trusted cache. This\ncrash is potentially exploitable.\nThis issue was addressed in the Network Security Services (NSS) library in version 3.16.2, \nshipping on affected platforms.In general this flaw cannot be exploited through email in the\nThunderbird product because scripting is disabled, but is potentially a risk in\nbrowser or browser-like contexts.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544","reference_id":"CVE-2014-1544","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1544"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-63","reference_id":"mfsa2014-63","reference_type":"","scores":[{"value":"high","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2014-63"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/4085?format=json","purl":"pkg:deb/debian/nss@2:3.14.5-1%2Bdeb7u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-2amq-1dpv-r7ce"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-bzab-cse9-uudk"},{"vulnerability":"VCID-c6v9-maak-dyde"},{"vulnerability":"VCID-ca9j-qrnm-eqc3"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-dvah-yevw-quhe"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kn9n-dpkn-d7bu"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-nmpw-53d9-cqaj"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-xg2b-zzbj-juds"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"},{"vulnerability":"VCID-znh3-rqwe-8ke3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"},{"url":"http://public2.vulnerablecode.io/api/packages/4279?format=json","purl":"pkg:deb/debian/nss@2:3.17.2-1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1btz-x11h-wbe3"},{"vulnerability":"VCID-7gkv-pu79-43hx"},{"vulnerability":"VCID-81zk-xrsj-cufe"},{"vulnerability":"VCID-9pxb-dcy9-gybh"},{"vulnerability":"VCID-9wc3-cjef-3ucq"},{"vulnerability":"VCID-9wkp-gr2p-kuda"},{"vulnerability":"VCID-aabg-akur-cyf3"},{"vulnerability":"VCID-bw2w-68hs-3bcd"},{"vulnerability":"VCID-cjnx-d8j7-zqg3"},{"vulnerability":"VCID-dj1s-kgfe-f7cm"},{"vulnerability":"VCID-fam8-n44k-2qh7"},{"vulnerability":"VCID-jj5f-y1h9-skcp"},{"vulnerability":"VCID-jwzp-ucfg-wycd"},{"vulnerability":"VCID-kzju-7twc-fya8"},{"vulnerability":"VCID-m314-1d92-fke4"},{"vulnerability":"VCID-mq7v-8uvq-5yeq"},{"vulnerability":"VCID-pa6e-373h-6ybr"},{"vulnerability":"VCID-phzc-3ex9-4bf7"},{"vulnerability":"VCID-qpmv-44r5-tqby"},{"vulnerability":"VCID-rc8a-n1r3-v7a1"},{"vulnerability":"VCID-rfpm-yp1s-y3ft"},{"vulnerability":"VCID-s692-wjkg-xkfr"},{"vulnerability":"VCID-vct8-ur1y-63db"},{"vulnerability":"VCID-wfu5-qgs8-13ht"},{"vulnerability":"VCID-x4x5-44xh-6uat"},{"vulnerability":"VCID-xavu-ygkk-u3fn"},{"vulnerability":"VCID-yjyn-kpq2-qkb7"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.17.2-1.1"}],"aliases":["CVE-2014-1544"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-znh3-rqwe-8ke3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.14.5-1%252Bdeb7u5"}