Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/5017?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/5017?format=api", "purl": "pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1", "type": "deb", "namespace": "debian", "name": "nss", "version": "2:3.26.2-1.1+deb9u1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2:3.61-1+deb11u3", "latest_non_vulnerable_version": "2:3.61-1+deb11u3", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1577?format=api", "vulnerability_id": "VCID-1btz-x11h-wbe3", "summary": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22", "reference_id": "mfsa2019-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23", "reference_id": "mfsa2019-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11729" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1btz-x11h-wbe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1580?format=api", "vulnerability_id": "VCID-9wkp-gr2p-kuda", "summary": "When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. 
This could lead to information disclosure.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22", "reference_id": "mfsa2019-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23", "reference_id": "mfsa2019-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11719" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wkp-gr2p-kuda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/507?format=api", "vulnerability_id": "VCID-aabg-akur-cyf3", "summary": "During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. 
This can result in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805" }, { "reference_url": "https://security.archlinux.org/ASA-201710-19", "reference_id": "ASA-201710-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-19" }, { "reference_url": "https://security.archlinux.org/AVG-441", "reference_id": "AVG-441", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-441" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21", "reference_id": "mfsa2017-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-22", "reference_id": "mfsa2017-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-23", "reference_id": "mfsa2017-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { 
"vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" } ], "aliases": [ "CVE-2017-7805" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aabg-akur-cyf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1151?format=api", "vulnerability_id": "VCID-bw2w-68hs-3bcd", "summary": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://security.archlinux.org/ASA-202001-1", "reference_id": "ASA-202001-1", "reference_type": "", "scores": 
[], "url": "https://security.archlinux.org/ASA-202001-1" }, { "reference_url": "https://security.archlinux.org/AVG-1084", "reference_id": "AVG-1084", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1084" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01", "reference_id": "mfsa2020-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17023" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bw2w-68hs-3bcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1091?format=api", "vulnerability_id": "VCID-kzju-7twc-fya8", "summary": "NSS has 
shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410" }, { "reference_url": "https://security.archlinux.org/ASA-202006-1", "reference_id": "ASA-202006-1", "reference_type": "", "scores": [], "url": 
"https://security.archlinux.org/ASA-202006-1" }, { "reference_url": "https://security.archlinux.org/ASA-202006-4", "reference_id": "ASA-202006-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-4" }, { "reference_url": "https://security.archlinux.org/AVG-1173", "reference_id": "AVG-1173", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1173" }, { "reference_url": "https://security.archlinux.org/AVG-1179", "reference_id": "AVG-1179", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1179" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20", "reference_id": "mfsa2020-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21", "reference_id": "mfsa2020-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22", "reference_id": "mfsa2020-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" 
}, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12399" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzju-7twc-fya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1170?format=api", "vulnerability_id": "VCID-m314-1d92-fke4", "summary": "When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. 
Given an electro-magnetic trace of a few signature generations, the private key could have been computed.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-6829" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m314-1d92-fke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1171?format=api", "vulnerability_id": "VCID-phzc-3ex9-4bf7", "summary": "When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12400" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phzc-3ex9-4bf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1169?format=api", "vulnerability_id": "VCID-qpmv-44r5-tqby", "summary": "During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12401" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpmv-44r5-tqby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1236?format=api", "vulnerability_id": "VCID-rc8a-n1r3-v7a1", "summary": "During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. 
We would like to thank Sohaib ul Hassan for contributing a fix for this issue as well. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-24", "reference_id": "mfsa2020-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-24" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29", "reference_id": "mfsa2020-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": 
"VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12402" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc8a-n1r3-v7a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1598?format=api", "vulnerability_id": "VCID-rfpm-yp1s-y3ft", "summary": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. 
This could have caused heap corruption and a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11745" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfpm-yp1s-y3ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1840?format=api", "vulnerability_id": "VCID-wfu5-qgs8-13ht", "summary": "After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. 
This crash is believed to be unexploitable.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4140" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22737" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22738" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22739" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22740" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22741" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22742" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22743" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22745" }, { 
"reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22747" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22748" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22751" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01", "reference_id": "mfsa2022-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-01" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-02", "reference_id": "mfsa2022-02", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-02" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-03", "reference_id": "mfsa2022-03", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2022-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { 
"vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" } ], "aliases": [ "CVE-2022-22747" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wfu5-qgs8-13ht" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1637?format=api", "vulnerability_id": "VCID-xavu-ygkk-u3fn", "summary": "A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11727" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xavu-ygkk-u3fn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1277?format=api", "vulnerability_id": "VCID-yjyn-kpq2-qkb7", "summary": "NSS (Network Security Services) versions prior to 3.73 or 3.68.1 ESR are vulnerable to a heap overflow when handling DER-encoded DSA or RSA-PSS signatures. Applications using NSS for handling signatures encoded within CMS, S/MIME, PKCS \\#7, or PKCS \\#12 are likely to be impacted. Applications using NSS for certificate validation or other TLS, X.509, OCSP or CRL functionality may be impacted, depending on how they configure NSS. 
*Note: This vulnerability does NOT impact Mozilla Firefox.* However, email clients and PDF viewers that use NSS for signature verification, such as Thunderbird, LibreOffice, Evolution and Evince are believed to be impacted.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43527" }, { "reference_url": "https://security.archlinux.org/ASA-202112-3", "reference_id": "ASA-202112-3", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202112-3" }, { "reference_url": "https://security.archlinux.org/ASA-202112-4", "reference_id": "ASA-202112-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202112-4" }, { "reference_url": "https://security.archlinux.org/AVG-2596", "reference_id": "AVG-2596", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2596" }, { "reference_url": "https://security.archlinux.org/AVG-2597", "reference_id": "AVG-2597", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2597" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51", "reference_id": "mfsa2021-51", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2021-51" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { 
"vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" } ], "aliases": [ "CVE-2021-43527" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjyn-kpq2-qkb7" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/507?format=api", "vulnerability_id": "VCID-aabg-akur-cyf3", "summary": "During TLS 1.2 exchanges, handshake hashes are generated which point to a message buffer. This saved data is used for later messages but in some cases, the handshake transcript can exceed the space available in the current buffer, causing the allocation of a new buffer. This leaves a pointer pointing to the old, freed buffer, resulting in a use-after-free when handshake hashes are then calculated afterwards. 
This can result in a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7805" }, { "reference_url": "https://security.archlinux.org/ASA-201710-19", "reference_id": "ASA-201710-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201710-19" }, { "reference_url": "https://security.archlinux.org/AVG-441", "reference_id": "AVG-441", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-441" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21", "reference_id": "mfsa2017-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-22", "reference_id": "mfsa2017-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-23", "reference_id": "mfsa2017-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-23" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4280?format=api", "purl": "pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-aabg-akur-cyf3" }, { 
"vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-dj1s-kgfe-f7cm" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-pa6e-373h-6ybr" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-wfu5-qgs8-13ht" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" }, { "vulnerability": "VCID-yjyn-kpq2-qkb7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/5017?format=api", "purl": "pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-aabg-akur-cyf3" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-wfu5-qgs8-13ht" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" }, { "vulnerability": "VCID-yjyn-kpq2-qkb7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1" }, { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { 
"vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" } ], "aliases": [ "CVE-2017-7805" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aabg-akur-cyf3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/581?format=api", "vulnerability_id": "VCID-dj1s-kgfe-f7cm", "summary": "A flaw in DRBG number generation within the Network Security Services (NSS) library where the internal state V does not correctly carry bits over. The NSS library has been updated to fix this issue to address this issue and Firefox 53 has been updated with NSS version 3.29.5.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10", "reference_id": "mfsa2017-10", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11", "reference_id": "mfsa2017-11", "reference_type": "", "scores": 
[ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12", "reference_id": "mfsa2017-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13", "reference_id": "mfsa2017-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4280?format=api", "purl": "pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-aabg-akur-cyf3" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-dj1s-kgfe-f7cm" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-pa6e-373h-6ybr" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-wfu5-qgs8-13ht" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" }, { "vulnerability": "VCID-yjyn-kpq2-qkb7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/5017?format=api", "purl": "pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-aabg-akur-cyf3" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-wfu5-qgs8-13ht" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" }, { "vulnerability": "VCID-yjyn-kpq2-qkb7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1" } ], "aliases": [ "CVE-2017-5462" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dj1s-kgfe-f7cm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/554?format=api", "vulnerability_id": "VCID-pa6e-373h-6ybr", "summary": "An out-of-bounds write during Base64 decoding operation in the Network Security Services (NSS) library due to insufficient memory being allocated to the buffer. This results in a potentially exploitable crash. 
The NSS library has been updated to fix this issue, and Firefox 53 has been updated with NSS version 3.29.5.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5461" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5462" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7502" }, { "reference_url": "https://security.archlinux.org/ASA-201704-4", "reference_id": "ASA-201704-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201704-4" }, { "reference_url": "https://security.archlinux.org/ASA-201704-6", "reference_id": "ASA-201704-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201704-6" }, { "reference_url": "https://security.archlinux.org/ASA-201705-21", "reference_id": "ASA-201705-21", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201705-21" }, { "reference_url": "https://security.archlinux.org/AVG-247", "reference_id": "AVG-247", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-247" }, { "reference_url": "https://security.archlinux.org/AVG-248", "reference_id": "AVG-248", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-248" }, { "reference_url": "https://security.archlinux.org/AVG-249", "reference_id": "AVG-249", "reference_type": "", "scores": [ { "value": 
"Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-249" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10", "reference_id": "mfsa2017-10", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-10" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11", "reference_id": "mfsa2017-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12", "reference_id": "mfsa2017-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-12" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13", "reference_id": "mfsa2017-13", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2017-13" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/4280?format=api", "purl": "pkg:deb/debian/nss@2:3.26-1%2Bdebu8u3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-aabg-akur-cyf3" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-dj1s-kgfe-f7cm" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-pa6e-373h-6ybr" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": 
"VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-wfu5-qgs8-13ht" }, { "vulnerability": "VCID-x4x5-44xh-6uat" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" }, { "vulnerability": "VCID-yjyn-kpq2-qkb7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26-1%252Bdebu8u3" }, { "url": "http://public2.vulnerablecode.io/api/packages/5017?format=api", "purl": "pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-aabg-akur-cyf3" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-wfu5-qgs8-13ht" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" }, { "vulnerability": "VCID-yjyn-kpq2-qkb7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1" } ], "aliases": [ "CVE-2017-5461" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-pa6e-373h-6ybr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/234?format=api", "vulnerability_id": "VCID-x4x5-44xh-6uat", "summary": "An existing mitigation of timing side-channel attacks is insufficient in some circumstances. 
This issue is addressed in Network Security Services (NSS) 3.26.1.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5290" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5291" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5296" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5297" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9066" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9074" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-9079" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89", "reference_id": "mfsa2016-89", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-89" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90", "reference_id": "mfsa2016-90", 
"reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-90" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93", "reference_id": "mfsa2016-93", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2016-93" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5017?format=api", "purl": "pkg:deb/debian/nss@2:3.26.2-1.1%2Bdeb9u1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-aabg-akur-cyf3" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-wfu5-qgs8-13ht" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" }, { "vulnerability": "VCID-yjyn-kpq2-qkb7" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1" } ], "aliases": [ "CVE-2016-9074" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x4x5-44xh-6uat" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.26.2-1.1%252Bdeb9u1" }