Lookup for vulnerable packages by Package URL.

Purl pkg:deb/debian/nspr@4.7.1-5
Type deb
Namespace debian
Name nspr
Version 4.7.1-5
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2:4.12-1+debu8u1
Latest_non_vulnerable_version 2:4.12-1+debu8u1
Affected_by_vulnerabilities
0
url VCID-2j41-vcxe-w3af
vulnerability_id VCID-2j41-vcxe-w3af
summary
Security researcher Abhishek Arya (Inferno) of the Google
Chrome Security Team reported an out of bounds write in the
Netscape Portable Runtime (NSPR) leading to a potentially exploitable crash or code
execution. This issue is fixed in NSPR version 4.10.6.
This NSPR flaw was not exposed to web content in any shipped version of Firefox.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
reference_id CVE-2014-1545
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1545
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2014-55
reference_id mfsa2014-55
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2014-55
fixed_packages
0
url pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3
purl pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j41-vcxe-w3af
1
vulnerability VCID-2sem-6a6r-suem
2
vulnerability VCID-qqrz-4j53-d3b8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3
1
url pkg:deb/debian/nspr@2:4.10.7-1
purl pkg:deb/debian/nspr@2:4.10.7-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2sem-6a6r-suem
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.10.7-1
aliases CVE-2014-1545
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2j41-vcxe-w3af
1
url VCID-2sem-6a6r-suem
vulnerability_id VCID-2sem-6a6r-suem
summary
Mozilla engineers Tyson Smith and David Keeler
reported a use-after-poison and buffer overflow in the ASN.1 decoder in Network Security
Services (NSS). These issues were in octet string parsing and were found through fuzzing
and code inspection. If these issues were triggered, they would lead to a potentially
exploitable crash. These issues were fixed in NSS version 3.19.2.1 and 3.19.4, shipped in
Firefox and Firefox ESR, respectively, as well as NSS 3.20.1. Google security engineer Ryan Sleevi reported an integer overflow in
the Netscape Portable Runtime (NSPR) due to a lack of checks during memory allocation.
This leads to a potentially exploitable crash. This issue is fixed in NSPR 4.10.10. The NSPR library is a required component of NSS.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183
reference_id CVE-2015-7183
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7183
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2015-133
reference_id mfsa2015-133
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2015-133
fixed_packages
0
url pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3
purl pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j41-vcxe-w3af
1
vulnerability VCID-2sem-6a6r-suem
2
vulnerability VCID-qqrz-4j53-d3b8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3
1
url pkg:deb/debian/nspr@2:4.12-1%2Bdebu8u1
purl pkg:deb/debian/nspr@2:4.12-1%2Bdebu8u1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.12-1%252Bdebu8u1
aliases CVE-2015-7183
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2sem-6a6r-suem
2
url VCID-ngse-2y4s-13hs
vulnerability_id VCID-ngse-2y4s-13hs
summary
Security researcher Alin Rad Pop of Secunia
Research reported a heap-based buffer overflow in Mozilla's string to
floating point number conversion routines.  Using this vulnerability
an attacker could craft some malicious JavaScript code containing a
very long string to be converted to a floating point number which
would result in improper memory allocation and the execution of an
arbitrary memory location.  This vulnerability could thus be leveraged
by the attacker to run arbitrary code on a victim's computer. Update: The underlying flaw in the dtoa routines used
by Mozilla appears to be essentially the same as that reported against the
libc gdtoa routine by Maksymilian Arciemowicz.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
reference_id CVE-2009-0689
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0689
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-59
reference_id mfsa2009-59
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-59
fixed_packages
0
url pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze1
purl pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j41-vcxe-w3af
1
vulnerability VCID-2sem-6a6r-suem
2
vulnerability VCID-qqrz-4j53-d3b8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@4.8.6-1%252Bsqueeze1
aliases CVE-2009-0689
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ngse-2y4s-13hs
3
url VCID-qqrz-4j53-d3b8
vulnerability_id VCID-qqrz-4j53-d3b8
summary
Mozilla has updated the version of Network Security
Services (NSS) library used in Mozilla projects to NSS 3.15.3 with the
exception of ESR17-based releases, which have been updated to NSS 3.14.5. This
addresses several moderate to critical rated networking security issues. Google developer Andrew Tinits reported a potentially
exploitable buffer overflow that was fixed in both NSS 3.15.3 and NSS
3.14.5.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607
reference_id CVE-2013-5607
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5607
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2013-103
reference_id mfsa2013-103
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2013-103
fixed_packages
0
url pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3
purl pkg:deb/debian/nspr@2:4.9.2-1%2Bdeb7u3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j41-vcxe-w3af
1
vulnerability VCID-2sem-6a6r-suem
2
vulnerability VCID-qqrz-4j53-d3b8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.9.2-1%252Bdeb7u3
1
url pkg:deb/debian/nspr@2:4.10.7-1
purl pkg:deb/debian/nspr@2:4.10.7-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2sem-6a6r-suem
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@2:4.10.7-1
aliases CVE-2013-5607
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qqrz-4j53-d3b8
4
url VCID-zp8z-8z1b-3fep
vulnerability_id VCID-zp8z-8z1b-3fep
summary
Mozilla developers took fixes from previously fixed memory safety
bugs in newer Mozilla-based products and ported them to the Mozilla
1.8.1 branch so they can be utilized by Thunderbird 2 and SeaMonkey
1.1.
references
0
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463
reference_id CVE-2009-2463
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2463
1
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2009-34
reference_id mfsa2009-34
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2009-34
2
reference_url https://www.mozilla.org/en-US/security/advisories/mfsa2010-07
reference_id mfsa2010-07
reference_type
scores
0
value critical
scoring_system generic_textual
scoring_elements
url https://www.mozilla.org/en-US/security/advisories/mfsa2010-07
fixed_packages
0
url pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze1
purl pkg:deb/debian/nspr@4.8.6-1%2Bsqueeze1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2j41-vcxe-w3af
1
vulnerability VCID-2sem-6a6r-suem
2
vulnerability VCID-qqrz-4j53-d3b8
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@4.8.6-1%252Bsqueeze1
aliases CVE-2009-2463
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zp8z-8z1b-3fep
Fixing_vulnerabilities
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/nspr@4.7.1-5