{"url":"http://public2.vulnerablecode.io/api/packages/5449?format=json","purl":"pkg:deb/debian/gnutls28@3.5.8-5%2Bdeb9u5","type":"deb","namespace":"debian","name":"gnutls28","version":"3.5.8-5+deb9u5","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.7.1-5+deb11u3","latest_non_vulnerable_version":"3.7.1-5+deb11u3","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4139?format=json","vulnerability_id":"VCID-7edm-wc8c-ayg3","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3836"},{"reference_url":"https://security.archlinux.org/ASA-201904-2","reference_id":"ASA-201904-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-2"},{"reference_url":"https://security.archlinux.org/AVG-945","reference_id":"AVG-945","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-945"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5450?format=json","purl":"pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v7nt-mvm3-4udj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.6.7-4%252Bdeb10u8"}],"aliases":["CVE-2019-3836"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-7edm-wc8c-ayg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/4140?format=json","vulnerability_id":"VCID-mgww-jmn5-5keq","summary":"multiple issues","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3829"},{"reference_url":"https://security.archlinux.org/ASA-201904-2","reference_id":"ASA-201904-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201904-2"},{"reference_url":"https://security.archlinux.org/AVG-945","reference_id":"AVG-945","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-945"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5450?format=json","purl":"pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v7nt-mvm3-4udj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.6.7-4%252Bdeb10u8"}],"aliases":["CVE-2019-3829"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mgww-jmn5-5keq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/5887?format=json","vulnerability_id":"VCID-v7nt-mvm3-4udj","summary":"man-in-the-middle","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13777"},{"reference_url":"https://security.archlinux.org/ASA-202006-2","reference_id":"ASA-202006-2","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202006-2"},{"reference_url":"https://security.archlinux.org/AVG-1177","reference_id":"AVG-1177","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1177"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5450?format=json","purl":"pkg:deb/debian/gnutls28@3.6.7-4%2Bdeb10u8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v7nt-mvm3-4udj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.6.7-4%252Bdeb10u8"},{"url":"http://public2.vulnerablecode.io/api/packages/5787?format=json","purl":"pkg:deb/debian/gnutls28@3.7.1-5%2Bdeb11u3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.7.1-5%252Bdeb11u3"}],"aliases":["CVE-2020-13777"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v7nt-mvm3-4udj"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2961?format=json","vulnerability_id":"VCID-81zk-xrsj-cufe","summary":"Security researcher Karthikeyan Bhargavan reported an issue\nin Network Security Services (NSS) where MD5 signatures in the server signature within the\nTLS 1.2 ServerKeyExchange message are still accepted. This is an issue since NSS has\nofficially disallowed the accepting MD5 as a hash algorithm in signatures since 2011. This\nissues exposes NSS based clients such as Firefox to theoretical collision-based forgery\nattacks. This issue was fixed in NSS version 3.20.2.","references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4734"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4803"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4805"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4806"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4835"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4842"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4860"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4872"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4881"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4882"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4883"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4893"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4903"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4911"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0402"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0448"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0466"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0483"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0494"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1526"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575","reference_id":"CVE-2015-7575","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7575"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150","reference_id":"mfsa2015-150","reference_type":"","scores":[{"value":"none","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2015-150"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5449?format=json","purl":"pkg:deb/debian/gnutls28@3.5.8-5%2Bdeb9u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-7edm-wc8c-ayg3"},{"vulnerability":"VCID-mgww-jmn5-5keq"},{"vulnerability":"VCID-v7nt-mvm3-4udj"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.5.8-5%252Bdeb9u5"}],"aliases":["CVE-2015-7575"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-81zk-xrsj-cufe"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/gnutls28@3.5.8-5%252Bdeb9u5"}