{"url":"http://public2.vulnerablecode.io/api/packages/572016?format=json","purl":"pkg:deb/debian/nginx@0.6.32-3%2Blenny3","type":"deb","namespace":"debian","name":"nginx","version":"0.6.32-3+lenny3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"1.22.1-9+deb12u4","latest_non_vulnerable_version":"1.28.3-2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/14?format=json","vulnerability_id":"VCID-22cq-z7km-cfdc","summary":"SSL session reuse vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-23419.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23419","reference_id":"","reference_type":"","scores":[{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88157","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88128","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88147","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88153","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88163","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88156","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88105","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0383","scoring_system":"epss","scoring_elements":"0.88121","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-23419"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-23419"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2025/NYEUJX7NCBCGJGXDFVXNMAAMJDFSE45G.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403","reference_id":"1095403","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1095403"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344005","reference_id":"2344005","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2344005"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23419","reference_id":"CVE-2025-23419","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-23419"},{"reference_url":"https://my.f5.com/manage/s/article/K000149173","reference_id":"K000149173","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"},{"value":"5.3","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T18:12:47Z/"}],"url":"https://my.f5.com/manage/s/article/K000149173"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7331","reference_id":"RHSA-2025:7331","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7331"},{"reference_url":"https://usn.ubuntu.com/7285-1/","reference_id":"USN-7285-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7285-1/"},{"reference_url":"https://usn.ubuntu.com/7285-2/","reference_id":"USN-7285-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7285-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2025-23419"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-22cq-z7km-cfdc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/90808?format=json","vulnerability_id":"VCID-36pf-ddpb-3khs","summary":"security update","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11724","reference_id":"","reference_type":"","scores":[{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85275","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85278","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85203","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85215","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85233","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85235","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85257","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.85266","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02474","scoring_system":"epss","scoring_elements":"0.8528","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11724"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11724"},{"reference_url":"https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openresty/lua-nginx-module/commit/9ab38e8ee35fc08a57636b1b6190dca70b0076fa"},{"reference_url":"https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/openresty/openresty/blob/4e8b4c395f842a078e429c80dd063b2323999957/patches/ngx_http_lua-0.10.15-fix_location_capture_content_length_chunked.patch"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html","reference_id":"","reference_type":"","scores":[],"url":"https://lists.debian.org/debian-lts-announce/2020/07/msg00014.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210129-0002/","reference_id":"","reference_type":"","scores":[],"url":"https://security.netapp.com/advisory/ntap-20210129-0002/"},{"reference_url":"https://www.debian.org/security/2020/dsa-4750","reference_id":"","reference_type":"","scores":[],"url":"https://www.debian.org/security/2020/dsa-4750"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950","reference_id":"964950","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=964950"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:openresty:openresty:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11724","reference_id":"CVE-2020-11724","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:P/A:N"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-11724"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"},{"reference_url":"https://usn.ubuntu.com/5371-3/","reference_id":"USN-5371-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2020-11724"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-36pf-ddpb-3khs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/81680?format=json","vulnerability_id":"VCID-3ysf-pvuu-47bs","summary":"nginx: HTTP request smuggling in configurations with URL redirect used as error_page","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-20372.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20372","reference_id":"","reference_type":"","scores":[{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98652","published_at":"2026-04-01T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98653","published_at":"2026-04-02T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98656","published_at":"2026-04-04T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98659","published_at":"2026-04-07T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.9866","published_at":"2026-04-08T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98661","published_at":"2026-04-09T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98664","published_at":"2026-04-12T12:55:00Z"},{"value":"0.69737","scoring_system":"epss","scoring_elements":"0.98665","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-20372"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-20372"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790277","reference_id":"1790277","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1790277"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579","reference_id":"948579","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=948579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2817","reference_id":"RHSA-2020:2817","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2817"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:5495","reference_id":"RHSA-2020:5495","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:5495"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0778","reference_id":"RHSA-2021:0778","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0778"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:0779","reference_id":"RHSA-2021:0779","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:0779"},{"reference_url":"https://usn.ubuntu.com/4235-1/","reference_id":"USN-4235-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4235-1/"},{"reference_url":"https://usn.ubuntu.com/4235-2/","reference_id":"USN-4235-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4235-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-20372"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-3ysf-pvuu-47bs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/54339?format=json","vulnerability_id":"VCID-4mqa-bkha-kbaj","summary":"security update","references":[{"reference_url":"http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/","reference_id":"","reference_type":"","scores":[],"url":"http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/"},{"reference_url":"http://code.google.com/p/chromium/issues/detail?id=139744","reference_id":"","reference_type":"","scores":[],"url":"http://code.google.com/p/chromium/issues/detail?id=139744"},{"reference_url":"http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html","reference_id":"","reference_type":"","scores":[],"url":"http://isecpartners.com/blog/2012/9/14/details-on-the-crime-attack.html"},{"reference_url":"http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html","reference_id":"","reference_type":"","scores":[],"url":"http://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000129.html"},{"reference_url":"http://jvn.jp/en/jp/JVN65273415/index.html","reference_id":"","reference_type":"","scores":[],"url":"http://jvn.jp/en/jp/JVN65273415/index.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.apple.com/archives/security-announce/2013/Jun/msg00000.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2012-10/msg00096.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00034.html"},{"reference_url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2013-01/msg00048.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=136612293908376&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=136612293908376&w=2"},{"reference_url":"http://news.ycombinator.com/item?id=4510829","reference_id":"","reference_type":"","scores":[],"url":"http://news.ycombinator.com/item?id=4510829"},{"reference_url":"http://rhn.redhat.com/errata/RHSA-2013-0587.html","reference_id":"","reference_type":"","scores":[],"url":"http://rhn.redhat.com/errata/RHSA-2013-0587.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4929.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2012-4929.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4929","reference_id":"","reference_type":"","scores":[{"value":"0.13867","scoring_system":"epss","scoring_elements":"0.94298","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13867","scoring_system":"epss","scoring_elements":"0.94297","published_at":"2026-04-12T12:55:00Z"},{"value":"0.15291","scoring_system":"epss","scoring_elements":"0.94599","published_at":"2026-04-04T12:55:00Z"},{"value":"0.15291","scoring_system":"epss","scoring_elements":"0.94585","published_at":"2026-04-01T12:55:00Z"},{"value":"0.15291","scoring_system":"epss","scoring_elements":"0.94611","published_at":"2026-04-08T12:55:00Z"},{"value":"0.15291","scoring_system":"epss","scoring_elements":"0.94615","published_at":"2026-04-09T12:55:00Z"},{"value":"0.15291","scoring_system":"epss","scoring_elements":"0.94601","published_at":"2026-04-07T12:55:00Z"},{"value":"0.15291","scoring_system":"epss","scoring_elements":"0.94592","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-4929"},{"reference_url":"https://chromiumcodereview.appspot.com/10825183","reference_id":"","reference_type":"","scores":[],"url":"https://chromiumcodereview.appspot.com/10825183"},{"reference_url":"https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls","reference_id":"","reference_type":"","scores":[],"url":"https://community.qualys.com/blogs/securitylabs/2012/09/14/crime-information-leakage-attack-against-ssltls"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor","reference_id":"","reference_type":"","scores":[],"url":"http://security.stackexchange.com/questions/19911/crime-how-to-beat-the-beast-successor"},{"reference_url":"https://gist.github.com/3696912","reference_id":"","reference_type":"","scores":[],"url":"https://gist.github.com/3696912"},{"reference_url":"https://github.com/mpgn/CRIME-poc","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/mpgn/CRIME-poc"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920","reference_id":"","reference_type":"","scores":[],"url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18920"},{"reference_url":"https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212","reference_id":"","reference_type":"","scores":[],"url":"https://threatpost.com/en_us/blogs/demo-crime-tls-attack-091212"},{"reference_url":"http://support.apple.com/kb/HT5784","reference_id":"","reference_type":"","scores":[],"url":"http://support.apple.com/kb/HT5784"},{"reference_url":"http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312","reference_id":"","reference_type":"","scores":[],"url":"http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312"},{"reference_url":"http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512","reference_id":"","reference_type":"","scores":[],"url":"http://threatpost.com/en_us/blogs/new-attack-uses-ssltls-information-leak-hijack-https-sessions-090512"},{"reference_url":"http://www.debian.org/security/2012/dsa-2579","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2012/dsa-2579"},{"reference_url":"http://www.debian.org/security/2013/dsa-2627","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2627"},{"reference_url":"http://www.debian.org/security/2015/dsa-3253","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2015/dsa-3253"},{"reference_url":"http://www.ekoparty.org/2012/thai-duong.php","reference_id":"","reference_type":"","scores":[],"url":"http://www.ekoparty.org/2012/thai-duong.php"},{"reference_url":"http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091","reference_id":"","reference_type":"","scores":[],"url":"http://www.iacr.org/cryptodb/data/paper.php?pubkey=3091"},{"reference_url":"http://www.securityfocus.com/bid/55704","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/55704"},{"reference_url":"http://www.theregister.co.uk/2012/09/14/crime_tls_attack/","reference_id":"","reference_type":"","scores":[],"url":"http://www.theregister.co.uk/2012/09/14/crime_tls_attack/"},{"reference_url":"http://www.ubuntu.com/usn/USN-1627-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1627-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1628-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1628-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-1898-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-1898-1"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689936","reference_id":"689936","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689936"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700399","reference_id":"700399","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700399"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700426","reference_id":"700426","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=700426"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727197","reference_id":"727197","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=727197"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728055","reference_id":"728055","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=728055"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=857051","reference_id":"857051","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=857051"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4929","reference_id":"CVE-2012-4929","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-4929"},{"reference_url":"https://security.gentoo.org/glsa/201309-12","reference_id":"GLSA-201309-12","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-12"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0587","reference_id":"RHSA-2013:0587","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0587"},{"reference_url":"https://access.redhat.com/errata/RHSA-2013:0636","reference_id":"RHSA-2013:0636","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2013:0636"},{"reference_url":"https://access.redhat.com/errata/RHSA-2014:0416","reference_id":"RHSA-2014:0416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2014:0416"},{"reference_url":"https://usn.ubuntu.com/1627-1/","reference_id":"USN-1627-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1627-1/"},{"reference_url":"https://usn.ubuntu.com/1628-1/","reference_id":"USN-1628-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1628-1/"},{"reference_url":"https://usn.ubuntu.com/1898-1/","reference_id":"USN-1898-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1898-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"}],"aliases":["CVE-2012-4929"],"risk_score":1.1,"exploitability":"0.5","weighted_severity":"2.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4mqa-bkha-kbaj"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41?format=json","vulnerability_id":"VCID-64n7-ygvq-cfds","summary":"Excessive memory usage in HTTP/2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16843.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16843","reference_id":"","reference_type":"","scores":[{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98063","published_at":"2026-04-01T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98082","published_at":"2026-04-13T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98076","published_at":"2026-04-09T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98081","published_at":"2026-04-12T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98067","published_at":"2026-04-02T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.9807","published_at":"2026-04-04T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98071","published_at":"2026-04-07T12:55:00Z"},{"value":"0.55541","scoring_system":"epss","scoring_elements":"0.98075","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644511","reference_id":"1644511","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644511"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16843","reference_id":"CVE-2018-16843","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16843"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3653","reference_id":"RHSA-2018:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16843"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-64n7-ygvq-cfds"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45?format=json","vulnerability_id":"VCID-9hzg-r1fj-pubf","summary":"Excessive CPU usage in HTTP/2 with priority changes","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9513.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513","reference_id":"","reference_type":"","scores":[{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91201","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.9125","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91221","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91235","published_at":"2026-04-08T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91241","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91248","published_at":"2026-04-11T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06705","scoring_system":"epss","scoring_elements":"0.91215","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741","reference_id":"1735741","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1735741"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513","reference_id":"CVE-2019-9513","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9513"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9513"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9hzg-r1fj-pubf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40?format=json","vulnerability_id":"VCID-asr7-uwpu-a7a5","summary":"STARTTLS command injection","references":[{"reference_url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"},{"reference_url":"http://marc.info/?l=bugtraq&m=142103967620673&w=2","reference_id":"","reference_type":"","scores":[],"url":"http://marc.info/?l=bugtraq&m=142103967620673&w=2"},{"reference_url":"http://nginx.org/download/patch.2014.starttls.txt","reference_id":"","reference_type":"","scores":[],"url":"http://nginx.org/download/patch.2014.starttls.txt"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3556.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3556.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3556","reference_id":"","reference_type":"","scores":[{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.9773","published_at":"2026-04-13T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97707","published_at":"2026-04-01T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97726","published_at":"2026-04-11T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97728","published_at":"2026-04-12T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97714","published_at":"2026-04-02T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97715","published_at":"2026-04-04T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97716","published_at":"2026-04-07T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.9772","published_at":"2026-04-08T12:55:00Z"},{"value":"0.48169","scoring_system":"epss","scoring_elements":"0.97723","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3556"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3556"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000144.html"},{"reference_url":"https://nginx.org/download/patch.2014.starttls.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2014.starttls.txt"},{"reference_url":"https://nginx.org/download/patch.2014.starttls.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2014.starttls.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126891","reference_id":"1126891","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1126891"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757196","reference_id":"757196","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=757196"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3556","reference_id":"CVE-2014-3556","reference_type":"","scores":[{"value":"6.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3556"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2014-3556"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"6.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-asr7-uwpu-a7a5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/9?format=json","vulnerability_id":"VCID-bana-j1wy-cfdy","summary":"Excessive CPU usage in HTTP/2","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16844.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16844","reference_id":"","reference_type":"","scores":[{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93353","published_at":"2026-04-01T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93385","published_at":"2026-04-13T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93386","published_at":"2026-04-11T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93384","published_at":"2026-04-12T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93361","published_at":"2026-04-02T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93369","published_at":"2026-04-07T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93377","published_at":"2026-04-08T12:55:00Z"},{"value":"0.10883","scoring_system":"epss","scoring_elements":"0.93381","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000220.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644510","reference_id":"1644510","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644510"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16844","reference_id":"CVE-2018-16844","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16844"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16844"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-bana-j1wy-cfdy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/70179?format=json","vulnerability_id":"VCID-c4ta-jqmg-wfgf","summary":"lua-nginx-module: HTTP request smuggling via a crafted HEAD request","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json","reference_id":"","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-33452.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33452","reference_id":"","reference_type":"","scores":[{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72093","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72089","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.721","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72123","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72108","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72055","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72075","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00705","scoring_system":"epss","scoring_elements":"0.72051","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-33452"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-33452"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361691","reference_id":"2361691","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2361691"},{"reference_url":"https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/","reference_id":"OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests","reference_type":"","scores":[{"value":"7.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-22T19:26:16Z/"}],"url":"https://www.benasin.space/2025/03/18/OpenResty-lua-nginx-module-v0-10-26-HTTP-Request-Smuggling-in-HEAD-requests/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2024-33452"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"6.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c4ta-jqmg-wfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/15?format=json","vulnerability_id":"VCID-c9ym-ckeq-63dq","summary":"Memory corruption in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json","reference_id":"","reference_type":"","scores":[{"value":"7.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41741.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41741","reference_id":"","reference_type":"","scores":[{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74876","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74847","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74887","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74897","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74919","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74895","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74882","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00851","scoring_system":"epss","scoring_elements":"0.74849","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141495","reference_id":"2141495","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141495"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/","reference_id":"BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41741","reference_id":"CVE-2022-41741","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41741"},{"reference_url":"https://www.debian.org/security/2022/dsa-5281","reference_id":"dsa-5281","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://www.debian.org/security/2022/dsa-5281"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/","reference_id":"FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/"},{"reference_url":"https://support.f5.com/csp/article/K81926432","reference_id":"K81926432","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://support.f5.com/csp/article/K81926432"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230120-0005/","reference_id":"ntap-20230120-0005","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230120-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/5722-1/","reference_id":"USN-5722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5722-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/","reference_id":"WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ","reference_type":"","scores":[{"value":"7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:12:04Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2022-41741"],"risk_score":3.5,"exploitability":"0.5","weighted_severity":"7.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-c9ym-ckeq-63dq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/34?format=json","vulnerability_id":"VCID-cbn4-utmp-n7ba","summary":"1-byte memory overwrite in resolver","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-23017.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23017","reference_id":"","reference_type":"","scores":[{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98797","published_at":"2026-04-04T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98794","published_at":"2026-04-02T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98805","published_at":"2026-04-13T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98804","published_at":"2026-04-12T12:55:00Z"},{"value":"0.73544","scoring_system":"epss","scoring_elements":"0.98801","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-23017"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23017"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2021/000300.html"},{"reference_url":"https://nginx.org/download/patch.2021.resolver.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2021.resolver.txt"},{"reference_url":"https://nginx.org/download/patch.2021.resolver.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2021.resolver.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1963121","reference_id":"1963121","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1963121"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095","reference_id":"989095","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989095"},{"reference_url":"https://security.archlinux.org/ASA-202106-36","reference_id":"ASA-202106-36","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-36"},{"reference_url":"https://security.archlinux.org/ASA-202106-48","reference_id":"ASA-202106-48","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202106-48"},{"reference_url":"https://security.archlinux.org/AVG-1987","reference_id":"AVG-1987","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1987"},{"reference_url":"https://security.archlinux.org/AVG-1988","reference_id":"AVG-1988","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1988"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py","reference_id":"CVE-2021-23017","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/50973.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23017","reference_id":"CVE-2021-23017","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-23017"},{"reference_url":"https://security.gentoo.org/glsa/202105-38","reference_id":"GLSA-202105-38","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202105-38"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2258","reference_id":"RHSA-2021:2258","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2258"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2259","reference_id":"RHSA-2021:2259","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2259"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2278","reference_id":"RHSA-2021:2278","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2278"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:2290","reference_id":"RHSA-2021:2290","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:2290"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3653","reference_id":"RHSA-2021:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3851","reference_id":"RHSA-2021:3851","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3851"},{"reference_url":"https://access.redhat.com/errata/RHSA-2021:3925","reference_id":"RHSA-2021:3925","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2021:3925"},{"reference_url":"https://access.redhat.com/errata/RHSA-2022:0323","reference_id":"RHSA-2022:0323","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2022:0323"},{"reference_url":"https://usn.ubuntu.com/4967-1/","reference_id":"USN-4967-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4967-1/"},{"reference_url":"https://usn.ubuntu.com/4967-2/","reference_id":"USN-4967-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4967-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2021-23017"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"7.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cbn4-utmp-n7ba"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/16?format=json","vulnerability_id":"VCID-cjx4-a19z-xufq","summary":"Integer overflow in the range filter","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-7529.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7529","reference_id":"","reference_type":"","scores":[{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99689","published_at":"2026-04-02T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99692","published_at":"2026-04-09T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99693","published_at":"2026-04-11T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.9969","published_at":"2026-04-04T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99691","published_at":"2026-04-07T12:55:00Z"},{"value":"0.91909","scoring_system":"epss","scoring_elements":"0.99694","published_at":"2026-04-12T12:55:00Z"},{"value":"0.92868","scoring_system":"epss","scoring_elements":"0.99768","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-7529"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7529"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2017/000200.html"},{"reference_url":"https://nginx.org/download/patch.2017.ranges.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2017.ranges.txt"},{"reference_url":"https://nginx.org/download/patch.2017.ranges.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2017.ranges.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468584","reference_id":"1468584","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1468584"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109","reference_id":"868109","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=868109"},{"reference_url":"https://security.archlinux.org/ASA-201707-11","reference_id":"ASA-201707-11","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-11"},{"reference_url":"https://security.archlinux.org/ASA-201707-12","reference_id":"ASA-201707-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201707-12"},{"reference_url":"https://security.archlinux.org/AVG-345","reference_id":"AVG-345","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-345"},{"reference_url":"https://security.archlinux.org/AVG-346","reference_id":"AVG-346","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-346"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529","reference_id":"CVE-2017-7529","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-7529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2017:2538","reference_id":"RHSA-2017:2538","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2017:2538"},{"reference_url":"https://usn.ubuntu.com/3352-1/","reference_id":"USN-3352-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3352-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2017-7529"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-cjx4-a19z-xufq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/25?format=json","vulnerability_id":"VCID-dmv4-ydq9-a7eq","summary":"Excessive CPU usage in HTTP/2 with small window updates","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9511.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511","reference_id":"","reference_type":"","scores":[{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94283","published_at":"2026-04-01T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94324","published_at":"2026-04-13T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94302","published_at":"2026-04-04T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94304","published_at":"2026-04-07T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94313","published_at":"2026-04-08T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94318","published_at":"2026-04-09T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94322","published_at":"2026-04-12T12:55:00Z"},{"value":"0.13948","scoring_system":"epss","scoring_elements":"0.94292","published_at":"2026-04-02T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15604"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15605"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15606"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9514"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860","reference_id":"1741860","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741860"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885","reference_id":"934885","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934885"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/ASA-201908-17","reference_id":"ASA-201908-17","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-17"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://security.archlinux.org/AVG-1024","reference_id":"AVG-1024","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1024"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511","reference_id":"CVE-2019-9511","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9511"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2692","reference_id":"RHSA-2019:2692","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2692"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2949","reference_id":"RHSA-2019:2949","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2949"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3041","reference_id":"RHSA-2019:3041","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3041"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2067","reference_id":"RHSA-2020:2067","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2067"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:2565","reference_id":"RHSA-2020:2565","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:2565"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:3192","reference_id":"RHSA-2020:3192","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:3192"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:5856","reference_id":"RHSA-2024:5856","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:5856"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"},{"reference_url":"https://usn.ubuntu.com/6754-1/","reference_id":"USN-6754-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6754-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9511"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dmv4-ydq9-a7eq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/12?format=json","vulnerability_id":"VCID-e49f-y1ky-5yb4","summary":"Insufficient limits of CNAME resolution in resolver","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"},{"reference_url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0747.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0747","reference_id":"","reference_type":"","scores":[{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96904","published_at":"2026-04-13T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96872","published_at":"2026-04-01T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96897","published_at":"2026-04-08T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96899","published_at":"2026-04-09T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96901","published_at":"2026-04-11T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96903","published_at":"2026-04-12T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.9688","published_at":"2026-04-02T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96884","published_at":"2026-04-04T12:55:00Z"},{"value":"0.33182","scoring_system":"epss","scoring_elements":"0.96889","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0747"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa115","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Sep/36","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2021/Sep/36"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"},{"reference_url":"https://support.apple.com/kb/HT212818","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT212818"},{"reference_url":"http://www.debian.org/security/2016/dsa-3473","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3473"},{"reference_url":"http://www.securitytracker.com/id/1034869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034869"},{"reference_url":"http://www.ubuntu.com/usn/USN-2892-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2892-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302589","reference_id":"1302589","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302589"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806","reference_id":"812806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0747","reference_id":"CVE-2016-0747","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0747"},{"reference_url":"https://security.gentoo.org/glsa/201606-06","reference_id":"GLSA-201606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1425","reference_id":"RHSA-2016:1425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"reference_url":"https://usn.ubuntu.com/2892-1/","reference_id":"USN-2892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2892-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035549?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-0747"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-e49f-y1ky-5yb4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/6?format=json","vulnerability_id":"VCID-eb23-pd25-yqg3","summary":"Buffer overread in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json","reference_id":"","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7347.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7347","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41622","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42313","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.423","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42348","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42355","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42377","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42341","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00202","scoring_system":"epss","scoring_elements":"0.42358","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-7347"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7347"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2024/UUOCLLONPR6244YQYU65PO5LB7JDYCWM.html"},{"reference_url":"https://nginx.org/download/patch.2024.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2024.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2024.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2024.mp4.txt.asc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971","reference_id":"1078971","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1078971"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304966","reference_id":"2304966","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2304966"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7347","reference_id":"CVE-2024-7347","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-7347"},{"reference_url":"https://security.gentoo.org/glsa/202409-32","reference_id":"GLSA-202409-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/202409-32"},{"reference_url":"https://my.f5.com/manage/s/article/K000140529","reference_id":"K000140529","reference_type":"","scores":[{"value":"4.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"},{"value":"5.7","scoring_system":"cvssv4","scoring_elements":"CVSS:4.0/AV:L/AC:H/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-14T15:27:31Z/"}],"url":"https://my.f5.com/manage/s/article/K000140529"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3261","reference_id":"RHSA-2025:3261","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3261"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:3262","reference_id":"RHSA-2025:3262","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:3262"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7542","reference_id":"RHSA-2025:7542","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7542"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7548","reference_id":"RHSA-2025:7548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7549","reference_id":"RHSA-2025:7549","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7549"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/7014-1/","reference_id":"USN-7014-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-1/"},{"reference_url":"https://usn.ubuntu.com/7014-2/","reference_id":"USN-7014-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-2/"},{"reference_url":"https://usn.ubuntu.com/7014-3/","reference_id":"USN-7014-3","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7014-3/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2024-7347"],"risk_score":2.1,"exploitability":"0.5","weighted_severity":"4.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eb23-pd25-yqg3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92255?format=json","vulnerability_id":"VCID-fgaf-wqmd-gqf3","summary":"nginx http proxy module does not verify peer identity of https origin server which could facilitate man-in-the-middle attack (MITM)","references":[{"reference_url":"https://access.redhat.com/security/cve/cve-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/security/cve/cve-2011-4968"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4968","reference_id":"","reference_type":"","scores":[{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60112","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6013","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.59987","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60065","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60089","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60059","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.6011","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60123","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00391","scoring_system":"epss","scoring_elements":"0.60145","published_at":"2026-04-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4968"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2011-4968"},{"reference_url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.suse.com/show_bug.cgi?id=CVE-2011-4968"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80952","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/80952"},{"reference_url":"https://security-tracker.debian.org/tracker/CVE-2011-4968","reference_id":"","reference_type":"","scores":[],"url":"https://security-tracker.debian.org/tracker/CVE-2011-4968"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/01/03/8","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/01/03/8"},{"reference_url":"http://www.securityfocus.com/bid/57139","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/57139"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940","reference_id":"697940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=697940"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.61:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.62:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.64:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.65:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.7.66:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.33:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.35:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.36:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:0.8.40:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.2.6:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4968","reference_id":"CVE-2011-4968","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:P/A:N"},{"value":"4.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4968"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2011-4968"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fgaf-wqmd-gqf3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/49?format=json","vulnerability_id":"VCID-g39b-k8vv-kyaq","summary":"Null pointer dereference vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3896.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3896.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3896","reference_id":"","reference_type":"","scores":[{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.85298","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.8531","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.85329","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.85331","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.85352","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.85361","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.85375","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.85373","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02511","scoring_system":"epss","scoring_elements":"0.8537","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3896"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3896","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3896"},{"reference_url":"https://nginx.org/download/patch.null.pointer.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.null.pointer.txt"},{"reference_url":"https://nginx.org/download/patch.null.pointer.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.null.pointer.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=539565","reference_id":"539565","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=539565"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3896","reference_id":"CVE-2009-3896","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3896"},{"reference_url":"https://security.gentoo.org/glsa/201203-22","reference_id":"GLSA-201203-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572017?format=json","purl":"pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-4mqa-bkha-kbaj"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-ktxc-d5t4-bkhg"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-m393-anc8-dfgf"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qpfs-f882-gqd3"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-wsxq-wqqr-n3ey"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3"}],"aliases":["CVE-2009-3896"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-g39b-k8vv-kyaq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/47?format=json","vulnerability_id":"VCID-jau7-gfz8-dkfa","summary":"The renegotiation vulnerability in SSL protocol","references":[{"reference_url":"http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://archives.neohapsis.com/archives/bugtraq/2013-11/0120.html"},{"reference_url":"http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blog.g-sec.lu/2009/11/tls-sslv3-renegotiation-vulnerability.html"},{"reference_url":"http://blogs.iss.net/archive/sslmitmiscsrf.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blogs.iss.net/archive/sslmitmiscsrf.html"},{"reference_url":"http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://blogs.sun.com/security/entry/vulnerability_in_tls_protocol_during"},{"reference_url":"http://clicky.me/tlsvuln","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://clicky.me/tlsvuln"},{"reference_url":"http://extendedsubset.com/?p=8","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://extendedsubset.com/?p=8"},{"reference_url":"http://extendedsubset.com/Renegotiating_TLS.pdf","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://extendedsubset.com/Renegotiating_TLS.pdf"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01945686"},{"reference_url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02436041"},{"reference_url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02273751"},{"reference_url":"http://kbase.redhat.com/faq/docs/DOC-20491","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://kbase.redhat.com/faq/docs/DOC-20491"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010/Jan/msg00000.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//May/msg00001.html"},{"reference_url":"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.apple.com/archives/security-announce/2010//May/msg00002.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039561.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-April/039957.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-May/040652.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049455.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049528.html"},{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049702.html"},{"reference_url":"http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.gnu.org/archive/html/gnutls-devel/2009-11/msg00029.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00009.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00005.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2010-12/msg00006.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00013.html"},{"reference_url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://lists.opensuse.org/opensuse-security-announce/2011-07/msg00014.html"},{"reference_url":"http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=apache-httpd-announce&m=125755783724966&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=126150535619567&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=126150535619567&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127128920008563&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127128920008563&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127419602507642&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127419602507642&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=127557596201693&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=127557596201693&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=130497311408250&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=130497311408250&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=132077688910227&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=132077688910227&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=133469267822771&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=134254866602253&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=134254866602253&w=2"},{"reference_url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=bugtraq&m=142660345230545&w=2"},{"reference_url":"http://marc.info/?l=cryptography&m=125752275331877&w=2","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://marc.info/?l=cryptography&m=125752275331877&w=2"},{"reference_url":"http://openbsd.org/errata45.html#010_openssl","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openbsd.org/errata45.html#010_openssl"},{"reference_url":"http://openbsd.org/errata46.html#004_openssl","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://openbsd.org/errata46.html#004_openssl"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1579","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1579"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1580","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1580"},{"reference_url":"https://access.redhat.com/errata/RHSA-2009:1694","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2009:1694"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0011","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0011"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0119","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0119"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0130","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0130"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0155"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0162","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0162"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0163","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0163"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0164","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0164"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0165","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0165"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0166","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0166"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0167","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0167"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0337","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0337"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0338","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0338"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0339","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0339"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0408","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0408"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0440","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0768","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0768"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0770","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0770"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0786","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0786"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0807","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0807"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0865","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0865"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0986","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0986"},{"reference_url":"https://access.redhat.com/errata/RHSA-2010:0987","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2010:0987"},{"reference_url":"https://access.redhat.com/errata/RHSA-2011:0880","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2011:0880"},{"reference_url":"https://access.redhat.com/errata/RHSA-2015:1591","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/errata/RHSA-2015:1591"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-3555.json"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2009-3555","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://access.redhat.com/security/cve/CVE-2009-3555"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3555","reference_id":"","reference_type":"","scores":[{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84701","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84628","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84642","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84662","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84664","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84686","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84693","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84711","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02288","scoring_system":"epss","scoring_elements":"0.84707","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3555"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=526689","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=526689"},{"reference_url":"https://bugzilla.mozilla.org/show_bug.cgi?id=545755","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.mozilla.org/show_bug.cgi?id=545755"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=533125","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=533125"},{"reference_url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=50325","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://bz.apache.org/bugzilla/show_bug.cgi?id=50325"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-4929"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3566"},{"reference_url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2010/ms10-049"},{"reference_url":"http://seclists.org/fulldisclosure/2009/Nov/139","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://seclists.org/fulldisclosure/2009/Nov/139"},{"reference_url":"http://security.gentoo.org/glsa/glsa-200912-01.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-200912-01.xml"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201203-22.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-201203-22.xml"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201406-32.xml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://security.gentoo.org/glsa/glsa-201406-32.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54158","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/54158"},{"reference_url":"https://github.com/apache/tomcat","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat"},{"reference_url":"https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/apache/tomcat55/commit/359c7ee17f5759cc99988e1cc9e971fe4a6ffad5"},{"reference_url":"https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/14e4efd925da58b9fa63f20969fb7349b8a9c30d"},{"reference_url":"https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/2d4ca03acc27cc883c404d1745d92f983b6fada3"},{"reference_url":"https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/30af3f5630542a2340781f66553e734a6fd69701"},{"reference_url":"https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/328a523cbb2a2d4cd55283180614d4e03e2f8f02"},{"reference_url":"https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/3d315ac9dfaa2c03b4df82938d78bf5b755766b3"},{"reference_url":"https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/56f67141e82e16f68a860c3af9b7342da35cbe7d"},{"reference_url":"https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/b4e9488629bf03b4b65abf335e536e85386d1366"},{"reference_url":"https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/apache/tomcat/commit/df9633116b5fec8f47f1f008fb89a6e9d5895cd0"},{"reference_url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05150888"},{"reference_url":"https://kb.bluecoat.com/index?page=content&id=SA50","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://kb.bluecoat.com/index?page=content&id=SA50"},{"reference_url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.597446"},{"reference_url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/ba661b0edd913b39ff129a32d855620dd861883ade05fd88a8ce517d@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/f8e0814e11c7f21f42224b6de111cb3f5e5ab5c15b78924c516d4ec2@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/re3b72cbb13e1dfe85c4a06959a3b6ca6d939b407ecca80db12b54220@<dev.tomcat.apache.org>"},{"reference_url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rf8e8c091182b45daa50d3557cad9b10bb4198e3f08cf8f1c66a1b08d@<dev.tomcat.apache.org>"},{"reference_url":"https://nginx.org/download/patch.cve-2009-3555.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.cve-2009-3555.txt"},{"reference_url":"https://nginx.org/download/patch.cve-2009-3555.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.cve-2009-3555.txt.asc"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:10088"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11578"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:11617"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7315"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7478"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:7973"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8366"},{"reference_url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://oval.cisecurity.org/repository/search/definition/oval:org.mitre.oval:def:8535"},{"reference_url":"https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html"},{"reference_url":"https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt"},{"reference_url":"https://tomcat.apache.org/security-5.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-5.html"},{"reference_url":"https://tomcat.apache.org/security-6.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-6.html"},{"reference_url":"https://tomcat.apache.org/security-7.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://tomcat.apache.org/security-7.html"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-26-273350-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273029-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-66-274990-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021653.1-1"},{"reference_url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021752.1-1"},{"reference_url":"http://support.apple.com/kb/HT4004","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4004"},{"reference_url":"http://support.apple.com/kb/HT4170","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4170"},{"reference_url":"http://support.apple.com/kb/HT4171","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.apple.com/kb/HT4171"},{"reference_url":"http://support.avaya.com/css/P8/documents/100070150","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.avaya.com/css/P8/documents/100070150"},{"reference_url":"http://support.avaya.com/css/P8/documents/100081611","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.avaya.com/css/P8/documents/100081611"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114315","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.avaya.com/css/P8/documents/100114315"},{"reference_url":"http://support.avaya.com/css/P8/documents/100114327","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.avaya.com/css/P8/documents/100114327"},{"reference_url":"http://support.citrix.com/article/CTX123359","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.citrix.com/article/CTX123359"},{"reference_url":"http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.zeus.com/zws/media/docs/4.3/RELEASE_NOTES"},{"reference_url":"http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://support.zeus.com/zws/news/2010/01/13/zws_4_3r5_released"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00428.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00442.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00449.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00634.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00645.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00944.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01020.html"},{"reference_url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01029.html"},{"reference_url":"http://sysoev.ru/nginx/patch.cve-2009-3555.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://sysoev.ru/nginx/patch.cve-2009-3555.txt"},{"reference_url":"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://tomcat.apache.org/native-doc/miscellaneous/changelog-1.1.x.html"},{"reference_url":"http://ubuntu.com/usn/usn-923-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://ubuntu.com/usn/usn-923-1"},{"reference_url":"http://wiki.rpath.com/Advisories:rPSA-2009-0155","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://wiki.rpath.com/Advisories:rPSA-2009-0155"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC67848"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68054"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1IC68055"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg1PM12247"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21426108","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21426108"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg21432298","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg21432298"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg24006386","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg24006386"},{"reference_url":"http://www-01.ibm.com/support/docview.wss?uid=swg24025312","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-01.ibm.com/support/docview.wss?uid=swg24025312"},{"reference_url":"http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www-1.ibm.com/support/search.wss?rs=0&q=PM00675&apar=only"},{"reference_url":"http://www.arubanetworks.com/support/alerts/aid-020810.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.arubanetworks.com/support/alerts/aid-020810.txt"},{"reference_url":"http://www.betanews.com/article/1257452450","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.betanews.com/article/1257452450"},{"reference_url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b01d1d.shtml"},{"reference_url":"http://www.debian.org/security/2009/dsa-1934","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2009/dsa-1934"},{"reference_url":"http://www.debian.org/security/2011/dsa-2141","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2011/dsa-2141"},{"reference_url":"http://www.debian.org/security/2015/dsa-3253","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.debian.org/security/2015/dsa-3253"},{"reference_url":"http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html"},{"reference_url":"http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS10-030/index.html"},{"reference_url":"http://www.ietf.org/mail-archive/web/tls/current/msg03928.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ietf.org/mail-archive/web/tls/current/msg03928.html"},{"reference_url":"http://www.ietf.org/mail-archive/web/tls/current/msg03948.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ietf.org/mail-archive/web/tls/current/msg03948.html"},{"reference_url":"http://www.ingate.com/Relnote.php?ver=481","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ingate.com/Relnote.php?ver=481"},{"reference_url":"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995"},{"reference_url":"http://www.kb.cert.org/vuls/id/120541","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.kb.cert.org/vuls/id/120541"},{"reference_url":"http://www.links.org/?p=780","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.links.org/?p=780"},{"reference_url":"http://www.links.org/?p=786","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.links.org/?p=786"},{"reference_url":"http://www.links.org/?p=789","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.links.org/?p=789"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:076"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:084"},{"reference_url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:089","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mandriva.com/security/advisories?name=MDVSA-2010:089"},{"reference_url":"http://www.mozilla.org/security/announce/2010/mfsa2010-22.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.mozilla.org/security/announce/2010/mfsa2010-22.html"},{"reference_url":"http://www.openoffice.org/security/cves/CVE-2009-3555.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openoffice.org/security/cves/CVE-2009-3555.html"},{"reference_url":"http://www.openssl.org/news/secadv_20091111.txt","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openssl.org/news/secadv_20091111.txt"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/05/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/05/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/05/5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/05/5"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/06/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/06/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/07/3","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/07/3"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/20/1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/20/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2009/11/23/10","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.openwall.com/lists/oss-security/2009/11/23/10"},{"reference_url":"http://www.opera.com/docs/changelogs/unix/1060","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.opera.com/docs/changelogs/unix/1060"},{"reference_url":"http://www.opera.com/support/search/view/944","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.opera.com/support/search/view/944"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html"},{"reference_url":"http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html"},{"reference_url":"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.2c"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0119.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0119.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0130.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0130.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0155.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0155.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0165.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0165.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0167.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0167.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0337.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0337.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0338.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0338.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0339.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0339.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0768.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0768.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0770.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0770.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0786.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0786.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0807.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0807.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0865.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0865.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0986.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0986.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2010-0987.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2010-0987.html"},{"reference_url":"http://www.redhat.com/support/errata/RHSA-2011-0880.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.redhat.com/support/errata/RHSA-2011-0880.html"},{"reference_url":"http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html"},{"reference_url":"http://www.tombom.co.uk/blog/?p=85","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.tombom.co.uk/blog/?p=85"},{"reference_url":"http://www.ubuntu.com/usn/USN-1010-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-1010-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-1","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-927-1"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-4","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-927-4"},{"reference_url":"http://www.ubuntu.com/usn/USN-927-5","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.ubuntu.com/usn/USN-927-5"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-222A.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-222A.html"},{"reference_url":"http://www.us-cert.gov/cas/techalerts/TA10-287A.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.us-cert.gov/cas/techalerts/TA10-287A.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2010-0019.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2010-0019.html"},{"reference_url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/security/advisories/VMSA-2011-0003.html"},{"reference_url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html","reference_id":"","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"http://www.vmware.com/support/vsphere4/doc/vsp_vc41_u1_rel_notes.html"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649","reference_id":"765649","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=765649"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py","reference_id":"CVE-2009-3555","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10579.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3555","reference_id":"CVE-2009-3555","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3555"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt","reference_id":"CVE-2009-3555;OSVDB-59970","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/10071.txt"},{"reference_url":"https://www.securityfocus.com/bid/35888/info","reference_id":"CVE-2009-3555;OSVDB-59970","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/35888/info"},{"reference_url":"https://github.com/advisories/GHSA-f7w7-6pjc-wwm6","reference_id":"GHSA-f7w7-6pjc-wwm6","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-f7w7-6pjc-wwm6"},{"reference_url":"https://security.gentoo.org/glsa/200912-01","reference_id":"GLSA-200912-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200912-01"},{"reference_url":"https://security.gentoo.org/glsa/201006-18","reference_id":"GLSA-201006-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201006-18"},{"reference_url":"https://security.gentoo.org/glsa/201110-05","reference_id":"GLSA-201110-05","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201110-05"},{"reference_url":"https://security.gentoo.org/glsa/201203-22","reference_id":"GLSA-201203-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-22"},{"reference_url":"https://security.gentoo.org/glsa/201206-18","reference_id":"GLSA-201206-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-18"},{"reference_url":"https://security.gentoo.org/glsa/201301-01","reference_id":"GLSA-201301-01","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201301-01"},{"reference_url":"https://security.gentoo.org/glsa/201309-15","reference_id":"GLSA-201309-15","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201309-15"},{"reference_url":"https://security.gentoo.org/glsa/201311-13","reference_id":"GLSA-201311-13","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201311-13"},{"reference_url":"https://security.gentoo.org/glsa/201406-32","reference_id":"GLSA-201406-32","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-32"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22","reference_id":"mfsa2010-22","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-22"},{"reference_url":"https://usn.ubuntu.com/1010-1/","reference_id":"USN-1010-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/1010-1/"},{"reference_url":"https://usn.ubuntu.com/860-1/","reference_id":"USN-860-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/860-1/"},{"reference_url":"https://usn.ubuntu.com/923-1/","reference_id":"USN-923-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/923-1/"},{"reference_url":"https://usn.ubuntu.com/927-1/","reference_id":"USN-927-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-1/"},{"reference_url":"https://usn.ubuntu.com/927-4/","reference_id":"USN-927-4","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-4/"},{"reference_url":"https://usn.ubuntu.com/927-6/","reference_id":"USN-927-6","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/927-6/"},{"reference_url":"https://usn.ubuntu.com/990-1/","reference_id":"USN-990-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/990-1/"},{"reference_url":"https://usn.ubuntu.com/990-2/","reference_id":"USN-990-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/990-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572017?format=json","purl":"pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-4mqa-bkha-kbaj"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-ktxc-d5t4-bkhg"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-m393-anc8-dfgf"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qpfs-f882-gqd3"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-wsxq-wqqr-n3ey"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3"}],"aliases":["CVE-2009-3555","GHSA-f7w7-6pjc-wwm6","VU#120541"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jau7-gfz8-dkfa"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/23?format=json","vulnerability_id":"VCID-jtgk-h6v6-2fgs","summary":"Use-after-free during CNAME response processing in resolver","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"},{"reference_url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0746.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0746","reference_id":"","reference_type":"","scores":[{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94336","published_at":"2026-04-13T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94296","published_at":"2026-04-01T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94317","published_at":"2026-04-07T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94326","published_at":"2026-04-08T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94331","published_at":"2026-04-09T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94335","published_at":"2026-04-12T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94305","published_at":"2026-04-02T12:55:00Z"},{"value":"0.14006","scoring_system":"epss","scoring_elements":"0.94316","published_at":"2026-04-04T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0746"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa115","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Sep/36","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2021/Sep/36"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"2.6","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:H/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"},{"reference_url":"https://support.apple.com/kb/HT212818","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT212818"},{"reference_url":"http://www.debian.org/security/2016/dsa-3473","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3473"},{"reference_url":"http://www.securitytracker.com/id/1034869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034869"},{"reference_url":"http://www.ubuntu.com/usn/USN-2892-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2892-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302588","reference_id":"1302588","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302588"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806","reference_id":"812806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0746","reference_id":"CVE-2016-0746","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:P/A:P"},{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0746"},{"reference_url":"https://security.gentoo.org/glsa/201606-06","reference_id":"GLSA-201606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1425","reference_id":"RHSA-2016:1425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"reference_url":"https://usn.ubuntu.com/2892-1/","reference_id":"USN-2892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2892-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035549?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-0746"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-jtgk-h6v6-2fgs"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/48?format=json","vulnerability_id":"VCID-kcsp-h1s5-wbea","summary":"Excessive memory usage in HTTP/2 with zero length headers","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-9516.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516","reference_id":"","reference_type":"","scores":[{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8426","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84326","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84314","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84319","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84337","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.8433","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84272","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84291","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02173","scoring_system":"epss","scoring_elements":"0.84292","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-9516"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9511"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9513"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9516"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html","reference_id":"","reference_type":"","scores":[{"value":"low","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2019/000249.html"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864","reference_id":"1741864","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1741864"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037","reference_id":"935037","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=935037"},{"reference_url":"https://security.archlinux.org/ASA-201908-12","reference_id":"ASA-201908-12","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-12"},{"reference_url":"https://security.archlinux.org/ASA-201908-13","reference_id":"ASA-201908-13","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201908-13"},{"reference_url":"https://security.archlinux.org/AVG-1022","reference_id":"AVG-1022","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1022"},{"reference_url":"https://security.archlinux.org/AVG-1023","reference_id":"AVG-1023","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1023"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516","reference_id":"CVE-2019-9516","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-9516"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2745","reference_id":"RHSA-2019:2745","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2745"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2746","reference_id":"RHSA-2019:2746","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2746"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2775","reference_id":"RHSA-2019:2775","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2775"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2799","reference_id":"RHSA-2019:2799","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2799"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2946","reference_id":"RHSA-2019:2946","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2946"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:2950","reference_id":"RHSA-2019:2950","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:2950"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3932","reference_id":"RHSA-2019:3932","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3932"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3933","reference_id":"RHSA-2019:3933","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3933"},{"reference_url":"https://access.redhat.com/errata/RHSA-2019:3935","reference_id":"RHSA-2019:3935","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2019:3935"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0922","reference_id":"RHSA-2020:0922","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0922"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:0983","reference_id":"RHSA-2020:0983","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:0983"},{"reference_url":"https://access.redhat.com/errata/RHSA-2020:1445","reference_id":"RHSA-2020:1445","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2020:1445"},{"reference_url":"https://usn.ubuntu.com/4099-1/","reference_id":"USN-4099-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/4099-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"},{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2019-9516"],"risk_score":3.1,"exploitability":"0.5","weighted_severity":"6.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kcsp-h1s5-wbea"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/24?format=json","vulnerability_id":"VCID-ktxc-d5t4-bkhg","summary":"Buffer overflow in resolver","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4315","reference_id":"","reference_type":"","scores":[{"value":"0.02811","scoring_system":"epss","scoring_elements":"0.8607","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02811","scoring_system":"epss","scoring_elements":"0.8608","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02811","scoring_system":"epss","scoring_elements":"0.86096","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02811","scoring_system":"epss","scoring_elements":"0.86114","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02811","scoring_system":"epss","scoring_elements":"0.86126","published_at":"2026-04-09T12:55:00Z"},{"value":"0.02811","scoring_system":"epss","scoring_elements":"0.8614","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02811","scoring_system":"epss","scoring_elements":"0.86139","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02811","scoring_system":"epss","scoring_elements":"0.86135","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2011-4315"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4315","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4315"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4315","reference_id":"CVE-2011-4315","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2011-4315"},{"reference_url":"https://security.gentoo.org/glsa/201203-22","reference_id":"GLSA-201203-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"}],"aliases":["CVE-2011-4315"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ktxc-d5t4-bkhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/3?format=json","vulnerability_id":"VCID-m1y8-m8z6-kyg9","summary":"SPDY heap buffer overflow","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0133.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-0133.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0133","reference_id":"","reference_type":"","scores":[{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95596","published_at":"2026-04-01T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95605","published_at":"2026-04-02T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.9561","published_at":"2026-04-04T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95612","published_at":"2026-04-07T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95621","published_at":"2026-04-08T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95624","published_at":"2026-04-09T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95629","published_at":"2026-04-12T12:55:00Z"},{"value":"0.20913","scoring_system":"epss","scoring_elements":"0.95631","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-0133"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0133"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html","reference_id":"","reference_type":"","scores":[],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000135.html"},{"reference_url":"https://nginx.org/download/patch.2014.spdy2.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2014.spdy2.txt"},{"reference_url":"https://nginx.org/download/patch.2014.spdy2.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2014.spdy2.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077988","reference_id":"1077988","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1077988"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742059","reference_id":"742059","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742059"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0133","reference_id":"CVE-2014-0133","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-0133"},{"reference_url":"https://security.gentoo.org/glsa/201406-20","reference_id":"GLSA-201406-20","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201406-20"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2014-0133"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m1y8-m8z6-kyg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/32?format=json","vulnerability_id":"VCID-m393-anc8-dfgf","summary":"Buffer overflow in the ngx_http_mp4_module","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2089","reference_id":"","reference_type":"","scores":[{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.89995","published_at":"2026-04-01T12:55:00Z"},{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.89998","published_at":"2026-04-02T12:55:00Z"},{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.9001","published_at":"2026-04-04T12:55:00Z"},{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.90015","published_at":"2026-04-07T12:55:00Z"},{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.90031","published_at":"2026-04-08T12:55:00Z"},{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.90037","published_at":"2026-04-09T12:55:00Z"},{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.90045","published_at":"2026-04-11T12:55:00Z"},{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.90044","published_at":"2026-04-12T12:55:00Z"},{"value":"0.05317","scoring_system":"epss","scoring_elements":"0.90038","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-2089"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2089","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2089"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html","reference_id":"","reference_type":"","scores":[],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2012/000080.html"},{"reference_url":"https://nginx.org/download/patch.2012.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2012.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2012.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2012.mp4.txt.asc"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2089","reference_id":"CVE-2012-2089","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-2089"},{"reference_url":"https://security.gentoo.org/glsa/201206-07","reference_id":"GLSA-201206-07","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201206-07"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"}],"aliases":["CVE-2012-2089"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m393-anc8-dfgf"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39?format=json","vulnerability_id":"VCID-mhdp-u59y-2kgw","summary":"Buffer underflow vulnerability","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2629.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2629.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2629","reference_id":"","reference_type":"","scores":[{"value":"0.781","scoring_system":"epss","scoring_elements":"0.99012","published_at":"2026-04-07T12:55:00Z"},{"value":"0.781","scoring_system":"epss","scoring_elements":"0.99015","published_at":"2026-04-11T12:55:00Z"},{"value":"0.781","scoring_system":"epss","scoring_elements":"0.99017","published_at":"2026-04-13T12:55:00Z"},{"value":"0.781","scoring_system":"epss","scoring_elements":"0.99011","published_at":"2026-04-04T12:55:00Z"},{"value":"0.781","scoring_system":"epss","scoring_elements":"0.99014","published_at":"2026-04-09T12:55:00Z"},{"value":"0.80762","scoring_system":"epss","scoring_elements":"0.99135","published_at":"2026-04-02T12:55:00Z"},{"value":"0.80762","scoring_system":"epss","scoring_elements":"0.99134","published_at":"2026-04-01T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-2629"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2629"},{"reference_url":"https://nginx.org/download/patch.180065.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.180065.txt"},{"reference_url":"https://nginx.org/download/patch.180065.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.180065.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=523105","reference_id":"523105","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=523105"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/14830.py","reference_id":"CVE-2009-2629","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/14830.py"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2629","reference_id":"CVE-2009-2629","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-2629"},{"reference_url":"https://security.gentoo.org/glsa/200909-18","reference_id":"GLSA-200909-18","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/200909-18"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572017?format=json","purl":"pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-4mqa-bkha-kbaj"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-ktxc-d5t4-bkhg"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-m393-anc8-dfgf"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qpfs-f882-gqd3"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-wsxq-wqqr-n3ey"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3"}],"aliases":["CVE-2009-2629","VU#180065"],"risk_score":1.4,"exploitability":"2.0","weighted_severity":"0.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mhdp-u59y-2kgw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/44?format=json","vulnerability_id":"VCID-nckn-qkc8-t7ge","summary":"Memory disclosure in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16845.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16845","reference_id":"","reference_type":"","scores":[{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90931","published_at":"2026-04-01T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90982","published_at":"2026-04-12T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90972","published_at":"2026-04-09T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90981","published_at":"2026-04-13T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90936","published_at":"2026-04-02T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90945","published_at":"2026-04-04T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90956","published_at":"2026-04-07T12:55:00Z"},{"value":"0.06332","scoring_system":"epss","scoring_elements":"0.90966","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-16845"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16843"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16844"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16845"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"8.2","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2018/000221.html"},{"reference_url":"https://nginx.org/download/patch.2018.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2018.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2018.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2018.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644508","reference_id":"1644508","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1644508"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090","reference_id":"913090","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913090"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16845","reference_id":"CVE-2018-16845","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-16845"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3652","reference_id":"RHSA-2018:3652","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3652"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3653","reference_id":"RHSA-2018:3653","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3653"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3680","reference_id":"RHSA-2018:3680","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3680"},{"reference_url":"https://access.redhat.com/errata/RHSA-2018:3681","reference_id":"RHSA-2018:3681","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2018:3681"},{"reference_url":"https://usn.ubuntu.com/3812-1/","reference_id":"USN-3812-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3812-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036992?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u4"},{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2018-16845"],"risk_score":3.7,"exploitability":"0.5","weighted_severity":"7.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nckn-qkc8-t7ge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/59738?format=json","vulnerability_id":"VCID-p933-hxvk-37bk","summary":"Gentoo's NGINX ebuilds are vulnerable to privilege escalation due\n    to the way log files are handled.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-1247.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1247","reference_id":"","reference_type":"","scores":[{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92947","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92976","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92972","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92977","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92975","published_at":"2026-04-12T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92956","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92961","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.9296","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0983","scoring_system":"epss","scoring_elements":"0.92968","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-1247"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1247"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:M/Au:S/C:C/I:P/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390182","reference_id":"1390182","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1390182"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295","reference_id":"842295","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=842295"},{"reference_url":"https://security.archlinux.org/ASA-201701-23","reference_id":"ASA-201701-23","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-23"},{"reference_url":"https://security.archlinux.org/ASA-201701-24","reference_id":"ASA-201701-24","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-201701-24"},{"reference_url":"https://security.archlinux.org/AVG-138","reference_id":"AVG-138","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-138"},{"reference_url":"https://security.archlinux.org/AVG-139","reference_id":"AVG-139","reference_type":"","scores":[{"value":"High","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-139"},{"reference_url":"http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html","reference_id":"CVE-2016-1247","reference_type":"exploit","scores":[],"url":"http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh","reference_id":"CVE-2016-1247","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/local/40768.sh"},{"reference_url":"https://security.gentoo.org/glsa/201701-22","reference_id":"GLSA-201701-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201701-22"},{"reference_url":"https://usn.ubuntu.com/3114-1/","reference_id":"USN-3114-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/3114-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-1247"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"8.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p933-hxvk-37bk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/33?format=json","vulnerability_id":"VCID-pmrf-dxst-p7a7","summary":"Request line parsing vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4547","reference_id":"","reference_type":"","scores":[{"value":"0.90921","scoring_system":"epss","scoring_elements":"0.9963","published_at":"2026-04-04T12:55:00Z"},{"value":"0.90921","scoring_system":"epss","scoring_elements":"0.99629","published_at":"2026-04-02T12:55:00Z"},{"value":"0.90921","scoring_system":"epss","scoring_elements":"0.99632","published_at":"2026-04-12T12:55:00Z"},{"value":"0.90921","scoring_system":"epss","scoring_elements":"0.99633","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-4547"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4547"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2013/000125.html"},{"reference_url":"https://nginx.org/download/patch.2013.space.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.space.txt"},{"reference_url":"https://nginx.org/download/patch.2013.space.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.space.txt.asc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012","reference_id":"730012","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=730012"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4547","reference_id":"CVE-2013-4547","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-4547"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38846.txt","reference_id":"CVE-2013-4547;OSVDB-100015","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/38846.txt"},{"reference_url":"https://www.securityfocus.com/bid/63814/info","reference_id":"CVE-2013-4547;OSVDB-100015","reference_type":"exploit","scores":[],"url":"https://www.securityfocus.com/bid/63814/info"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2013-4547"],"risk_score":7.0,"exploitability":"2.0","weighted_severity":"3.5","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-pmrf-dxst-p7a7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/92358?format=json","vulnerability_id":"VCID-qpfs-f882-gqd3","summary":"Directory traversal vulnerability in naxsi-ui/nx_extract.py in the Naxsi module before 0.46-1 for Nginx allows local users to read arbitrary files via unspecified vectors.","references":[{"reference_url":"http://code.google.com/p/naxsi/","reference_id":"","reference_type":"","scores":[],"url":"http://code.google.com/p/naxsi/"},{"reference_url":"http://code.google.com/p/naxsi/source/detail?r=307","reference_id":"","reference_type":"","scores":[],"url":"http://code.google.com/p/naxsi/source/detail?r=307"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3380","reference_id":"","reference_type":"","scores":[{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37649","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37549","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37731","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37756","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37633","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37685","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37698","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37712","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00166","scoring_system":"epss","scoring_elements":"0.37677","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-3380"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3380","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3380"},{"reference_url":"http://secunia.com/advisories/49811","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/49811"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/07/05/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/07/05/1"},{"reference_url":"http://www.openwall.com/lists/oss-security/2012/07/06/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2012/07/06/3"},{"reference_url":"http://www.osvdb.org/83617","reference_id":"","reference_type":"","scores":[],"url":"http://www.osvdb.org/83617"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:wargio:naxsi:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3380","reference_id":"CVE-2012-3380","reference_type":"","scores":[{"value":"2.1","scoring_system":"cvssv2","scoring_elements":"AV:L/AC:L/Au:N/C:P/I:N/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-3380"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"}],"aliases":["CVE-2012-3380"],"risk_score":0.9,"exploitability":"0.5","weighted_severity":"1.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qpfs-f882-gqd3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/37?format=json","vulnerability_id":"VCID-qzcz-zvv6-dyda","summary":"Invalid pointer dereference in resolver","references":[{"reference_url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.opensuse.org/opensuse-updates/2016-02/msg00042.html"},{"reference_url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx/2016-January/049700.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-0742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0742","reference_id":"","reference_type":"","scores":[{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99122","published_at":"2026-04-13T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99113","published_at":"2026-04-01T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99114","published_at":"2026-04-02T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99117","published_at":"2026-04-04T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.9912","published_at":"2026-04-07T12:55:00Z"},{"value":"0.80364","scoring_system":"epss","scoring_elements":"0.99121","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-0742"},{"reference_url":"https://bto.bluecoat.com/security-advisory/sa115","reference_id":"","reference_type":"","scores":[],"url":"https://bto.bluecoat.com/security-advisory/sa115"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0746"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0747"},{"reference_url":"http://seclists.org/fulldisclosure/2021/Sep/36","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/fulldisclosure/2021/Sep/36"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000169.html"},{"reference_url":"https://support.apple.com/kb/HT212818","reference_id":"","reference_type":"","scores":[],"url":"https://support.apple.com/kb/HT212818"},{"reference_url":"http://www.debian.org/security/2016/dsa-3473","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3473"},{"reference_url":"http://www.securitytracker.com/id/1034869","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1034869"},{"reference_url":"http://www.ubuntu.com/usn/USN-2892-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2892-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302587","reference_id":"1302587","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1302587"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806","reference_id":"812806","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=812806"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.1:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0742","reference_id":"CVE-2016-0742","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-0742"},{"reference_url":"https://security.gentoo.org/glsa/201606-06","reference_id":"GLSA-201606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1425","reference_id":"RHSA-2016:1425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"reference_url":"https://usn.ubuntu.com/2892-1/","reference_id":"USN-2892-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2892-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035549?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u2~bpo70%2B1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u2~bpo70%252B1"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-0742"],"risk_score":10.0,"exploitability":"2.0","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qzcz-zvv6-dyda"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/10?format=json","vulnerability_id":"VCID-rsr7-p977-tycc","summary":"NULL pointer dereference while writing client request body","references":[{"reference_url":"http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4450.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-4450.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4450","reference_id":"","reference_type":"","scores":[{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88453","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88405","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88445","published_at":"2026-04-08T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88451","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88462","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88454","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88414","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88422","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04016","scoring_system":"epss","scoring_elements":"0.88426","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4450"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4450"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2016/000179.html"},{"reference_url":"https://nginx.org/download/patch.2016.write2.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2016.write2.txt"},{"reference_url":"https://nginx.org/download/patch.2016.write2.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2016.write2.txt.asc"},{"reference_url":"https://nginx.org/download/patch.2016.write.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2016.write.txt"},{"reference_url":"https://nginx.org/download/patch.2016.write.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2016.write.txt.asc"},{"reference_url":"http://www.debian.org/security/2016/dsa-3592","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2016/dsa-3592"},{"reference_url":"http://www.securityfocus.com/bid/90967","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/90967"},{"reference_url":"http://www.securitytracker.com/id/1036019","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1036019"},{"reference_url":"http://www.ubuntu.com/usn/USN-2991-1","reference_id":"","reference_type":"","scores":[],"url":"http://www.ubuntu.com/usn/USN-2991-1"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341462","reference_id":"1341462","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1341462"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960","reference_id":"825960","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=825960"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:1.11.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:15.10:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_id":"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4450","reference_id":"CVE-2016-4450","reference_type":"","scores":[{"value":"5.0","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:N/I:N/A:P"},{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-4450"},{"reference_url":"https://security.gentoo.org/glsa/201606-06","reference_id":"GLSA-201606-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201606-06"},{"reference_url":"https://access.redhat.com/errata/RHSA-2016:1425","reference_id":"RHSA-2016:1425","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2016:1425"},{"reference_url":"https://usn.ubuntu.com/2991-1/","reference_id":"USN-2991-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2991-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"},{"url":"http://public2.vulnerablecode.io/api/packages/1036991?format=json","purl":"pkg:deb/debian/nginx@1.10.3-1%2Bdeb9u1~bpo8%2B2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.10.3-1%252Bdeb9u1~bpo8%252B2"}],"aliases":["CVE-2016-4450"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-rsr7-p977-tycc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42?format=json","vulnerability_id":"VCID-t6gs-g1cq-hqem","summary":"Directory traversal vulnerability","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3898","reference_id":"","reference_type":"","scores":[{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77756","published_at":"2026-04-01T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77762","published_at":"2026-04-02T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77789","published_at":"2026-04-04T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77773","published_at":"2026-04-07T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.778","published_at":"2026-04-08T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77805","published_at":"2026-04-09T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77831","published_at":"2026-04-11T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77815","published_at":"2026-04-12T12:55:00Z"},{"value":"0.01078","scoring_system":"epss","scoring_elements":"0.77814","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2009-3898"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3898","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3898"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557389","reference_id":"557389","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=557389"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3898","reference_id":"CVE-2009-3898","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2009-3898"},{"reference_url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9829.txt","reference_id":"CVE-2009-3898;OSVDB-58328","reference_type":"exploit","scores":[],"url":"https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/remote/9829.txt"},{"reference_url":"https://security.gentoo.org/glsa/201203-22","reference_id":"GLSA-201203-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572017?format=json","purl":"pkg:deb/debian/nginx@0.7.67-3%2Bsqueeze3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-4mqa-bkha-kbaj"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-ktxc-d5t4-bkhg"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-m393-anc8-dfgf"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qpfs-f882-gqd3"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-wsxq-wqqr-n3ey"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.7.67-3%252Bsqueeze3"}],"aliases":["CVE-2009-3898"],"risk_score":null,"exploitability":"2.0","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-t6gs-g1cq-hqem"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/13?format=json","vulnerability_id":"VCID-u25m-v3f6-23dk","summary":"Memory disclosure with specially crafted HTTP backend responses","references":[{"reference_url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html","reference_id":"","reference_type":"","scores":[],"url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105950.html"},{"reference_url":"http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"},{"reference_url":"http://nginx.org/download/patch.2013.proxy.txt","reference_id":"","reference_type":"","scores":[],"url":"http://nginx.org/download/patch.2013.proxy.txt"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2070","reference_id":"","reference_type":"","scores":[{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89248","published_at":"2026-04-13T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.892","published_at":"2026-04-01T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89245","published_at":"2026-04-09T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89255","published_at":"2026-04-11T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89251","published_at":"2026-04-12T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89206","published_at":"2026-04-02T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.8922","published_at":"2026-04-04T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.89222","published_at":"2026-04-07T12:55:00Z"},{"value":"0.04601","scoring_system":"epss","scoring_elements":"0.8924","published_at":"2026-04-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2013-2070"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=962525","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=962525"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2070"},{"reference_url":"http://seclists.org/oss-sec/2013/q2/291","reference_id":"","reference_type":"","scores":[],"url":"http://seclists.org/oss-sec/2013/q2/291"},{"reference_url":"http://secunia.com/advisories/55181","reference_id":"","reference_type":"","scores":[],"url":"http://secunia.com/advisories/55181"},{"reference_url":"http://security.gentoo.org/glsa/glsa-201310-04.xml","reference_id":"","reference_type":"","scores":[],"url":"http://security.gentoo.org/glsa/glsa-201310-04.xml"},{"reference_url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/84172","reference_id":"","reference_type":"","scores":[],"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/84172"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"6.4","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:L/Au:N/C:P/I:N/A:P"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2013/000114.html"},{"reference_url":"https://nginx.org/download/patch.2013.chunked.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.chunked.txt"},{"reference_url":"https://nginx.org/download/patch.2013.chunked.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.chunked.txt.asc"},{"reference_url":"https://nginx.org/download/patch.2013.proxy.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.proxy.txt"},{"reference_url":"https://nginx.org/download/patch.2013.proxy.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2013.proxy.txt.asc"},{"reference_url":"http://www.debian.org/security/2013/dsa-2721","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2013/dsa-2721"},{"reference_url":"http://www.openwall.com/lists/oss-security/2013/05/13/3","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2013/05/13/3"},{"reference_url":"http://www.securityfocus.com/bid/59824","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/59824"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164","reference_id":"708164","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2070","reference_id":"CVE-2013-2070","reference_type":"","scores":[{"value":"5.8","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:P/I:N/A:P"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2013-2070"},{"reference_url":"https://security.gentoo.org/glsa/201310-04","reference_id":"GLSA-201310-04","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201310-04"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2013-2070"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.2","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u25m-v3f6-23dk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/80226?format=json","vulnerability_id":"VCID-u8aq-2qhu-gff5","summary":"ALPACA: Application Layer Protocol Confusion - Analyzing and Mitigating Cracks in TLS Authentication","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-3618.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3618","reference_id":"","reference_type":"","scores":[{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69833","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69896","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69886","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69902","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69925","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.6991","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69845","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.6986","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00615","scoring_system":"epss","scoring_elements":"0.69837","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2021-3618"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975623","reference_id":"1975623","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1975623"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328","reference_id":"991328","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991328"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329","reference_id":"991329","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991329"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331","reference_id":"991331","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991331"},{"reference_url":"https://security.archlinux.org/AVG-2101","reference_id":"AVG-2101","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2101"},{"reference_url":"https://security.archlinux.org/AVG-2102","reference_id":"AVG-2102","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2102"},{"reference_url":"https://security.archlinux.org/AVG-2103","reference_id":"AVG-2103","reference_type":"","scores":[{"value":"Medium","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-2103"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"},{"reference_url":"https://usn.ubuntu.com/5371-2/","reference_id":"USN-5371-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-2/"},{"reference_url":"https://usn.ubuntu.com/6379-1/","reference_id":"USN-6379-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6379-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2021-3618"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.7","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u8aq-2qhu-gff5"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/85848?format=json","vulnerability_id":"VCID-uqb5-ensa-8yht","summary":"regression update","references":[],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1036331?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5%2Bdeb8u5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5%252Bdeb8u5"}],"aliases":["DSA-3701-2 nginx"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-uqb5-ensa-8yht"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/22?format=json","vulnerability_id":"VCID-wc3j-5xmu-kyex","summary":"Memory disclosure in the ngx_http_mp4_module","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json","reference_id":"","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-41742.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41742","reference_id":"","reference_type":"","scores":[{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.27047","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.2701","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26855","published_at":"2026-04-13T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26912","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26956","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26953","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26906","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00097","scoring_system":"epss","scoring_elements":"0.26837","published_at":"2026-04-07T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2022-41742"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41741"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41742"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2022/RBRRON6PYBJJM2XIAPQBFBVLR4Q6IHRA.html"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt"},{"reference_url":"https://nginx.org/download/patch.2022.mp4.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2022.mp4.txt.asc"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141496","reference_id":"2141496","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2141496"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/","reference_id":"BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BPRVYA4FS34VWB4FEFYNAD7Z2LFCJVEI/"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41742","reference_id":"CVE-2022-41742","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-41742"},{"reference_url":"https://www.debian.org/security/2022/dsa-5281","reference_id":"dsa-5281","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://www.debian.org/security/2022/dsa-5281"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/","reference_id":"FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FD6M3PVVKO35WLAA7GLDBS6TEQ26SM64/"},{"reference_url":"https://support.f5.com/csp/article/K28112382","reference_id":"K28112382","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://support.f5.com/csp/article/K28112382"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html","reference_id":"msg00031.html","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2022/11/msg00031.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230120-0005/","reference_id":"ntap-20230120-0005","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230120-0005/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7402","reference_id":"RHSA-2025:7402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7546","reference_id":"RHSA-2025:7546","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7546"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:7619","reference_id":"RHSA-2025:7619","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:7619"},{"reference_url":"https://usn.ubuntu.com/5722-1/","reference_id":"USN-5722-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5722-1/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/","reference_id":"WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ","reference_type":"","scores":[{"value":"7.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-08T18:11:21Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WBORRVG7VVXYOAIAD64ZHES2U2VIUKFQ/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994843?format=json","purl":"pkg:deb/debian/nginx@1.18.0-6.1%2Bdeb11u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-d1c6-dt2p-9kaa"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-hemy-pnpj-sfg3"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.18.0-6.1%252Bdeb11u3"}],"aliases":["CVE-2022-41742"],"risk_score":3.2,"exploitability":"0.5","weighted_severity":"6.4","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wc3j-5xmu-kyex"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/31?format=json","vulnerability_id":"VCID-wsxq-wqqr-n3ey","summary":"Memory disclosure with specially crafted backend responses","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1180","reference_id":"","reference_type":"","scores":[{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.86659","published_at":"2026-04-01T12:55:00Z"},{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.86669","published_at":"2026-04-02T12:55:00Z"},{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.86688","published_at":"2026-04-04T12:55:00Z"},{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.86687","published_at":"2026-04-07T12:55:00Z"},{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.86706","published_at":"2026-04-08T12:55:00Z"},{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.86716","published_at":"2026-04-09T12:55:00Z"},{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.86729","published_at":"2026-04-11T12:55:00Z"},{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.86727","published_at":"2026-04-12T12:55:00Z"},{"value":"0.03062","scoring_system":"epss","scoring_elements":"0.8672","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2012-1180"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1180"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html","reference_id":"","reference_type":"","scores":[],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2012/000076.html"},{"reference_url":"https://nginx.org/download/patch.2012.memory.txt","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2012.memory.txt"},{"reference_url":"https://nginx.org/download/patch.2012.memory.txt.asc","reference_id":"","reference_type":"","scores":[],"url":"https://nginx.org/download/patch.2012.memory.txt.asc"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664137","reference_id":"664137","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=664137"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1180","reference_id":"CVE-2012-1180","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-1180"},{"reference_url":"https://security.gentoo.org/glsa/201203-22","reference_id":"GLSA-201203-22","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201203-22"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"}],"aliases":["CVE-2012-1180"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-wsxq-wqqr-n3ey"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/17?format=json","vulnerability_id":"VCID-x8ck-rceh-ukdw","summary":"SSL session reuse vulnerability","references":[{"reference_url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html","reference_id":"","reference_type":"","scores":[],"url":"http://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"},{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3616.json","reference_id":"","reference_type":"","scores":[],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3616.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3616","reference_id":"","reference_type":"","scores":[{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85161","published_at":"2026-04-13T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.8509","published_at":"2026-04-01T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85167","published_at":"2026-04-11T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85165","published_at":"2026-04-12T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85103","published_at":"2026-04-02T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.8512","published_at":"2026-04-04T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85124","published_at":"2026-04-07T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85145","published_at":"2026-04-08T12:55:00Z"},{"value":"0.02435","scoring_system":"epss","scoring_elements":"0.85153","published_at":"2026-04-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2014-3616"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3616"},{"reference_url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html","reference_id":"","reference_type":"","scores":[{"value":"medium","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://mailman.nginx.org/pipermail/nginx-announce/2014/000147.html"},{"reference_url":"http://www.debian.org/security/2014/dsa-3029","reference_id":"","reference_type":"","scores":[],"url":"http://www.debian.org/security/2014/dsa-3029"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1142573","reference_id":"1142573","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1142573"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761940","reference_id":"761940","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=761940"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_id":"cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:f5:nginx:*:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_id":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3616","reference_id":"CVE-2014-3616","reference_type":"","scores":[{"value":"4.3","scoring_system":"cvssv2","scoring_elements":"AV:N/AC:M/Au:N/C:N/I:P/A:N"}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2014-3616"},{"reference_url":"https://security.gentoo.org/glsa/201502-06","reference_id":"GLSA-201502-06","reference_type":"","scores":[],"url":"https://security.gentoo.org/glsa/201502-06"},{"reference_url":"https://usn.ubuntu.com/2351-1/","reference_id":"USN-2351-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/2351-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/572019?format=json","purl":"pkg:deb/debian/nginx@1.2.1-2.2%2Bwheezy4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-asr7-uwpu-a7a5"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-m1y8-m8z6-kyg9"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-pmrf-dxst-p7a7"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u25m-v3f6-23dk"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-x8ck-rceh-ukdw"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.2.1-2.2%252Bwheezy4"},{"url":"http://public2.vulnerablecode.io/api/packages/1035547?format=json","purl":"pkg:deb/debian/nginx@1.6.2-5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-64n7-ygvq-cfds"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-bana-j1wy-cfdy"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-cjx4-a19z-xufq"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-e49f-y1ky-5yb4"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-fgaf-wqmd-gqf3"},{"vulnerability":"VCID-jtgk-h6v6-2fgs"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-nckn-qkc8-t7ge"},{"vulnerability":"VCID-p933-hxvk-37bk"},{"vulnerability":"VCID-qzcz-zvv6-dyda"},{"vulnerability":"VCID-rsr7-p977-tycc"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-uqb5-ensa-8yht"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"},{"vulnerability":"VCID-yu2j-f4q9-bbcx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.6.2-5"}],"aliases":["CVE-2014-3616"],"risk_score":1.9,"exploitability":"0.5","weighted_severity":"3.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-x8ck-rceh-ukdw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/94585?format=json","vulnerability_id":"VCID-y3tg-7fge-1yfy","summary":"ngx_http_lua_module (aka lua-nginx-module) before 0.10.16 in OpenResty allows unsafe characters in an argument when using the API to mutate a URI, or a request or response header.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36309","reference_id":"","reference_type":"","scores":[{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.61963","published_at":"2026-04-01T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62034","published_at":"2026-04-02T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62065","published_at":"2026-04-04T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62035","published_at":"2026-04-07T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62084","published_at":"2026-04-08T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62102","published_at":"2026-04-09T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62122","published_at":"2026-04-11T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.62111","published_at":"2026-04-12T12:55:00Z"},{"value":"0.00423","scoring_system":"epss","scoring_elements":"0.6209","published_at":"2026-04-13T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-36309"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36309"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787","reference_id":"986787","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986787"},{"reference_url":"https://usn.ubuntu.com/5371-1/","reference_id":"USN-5371-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5371-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/994844?format=json","purl":"pkg:deb/debian/nginx@1.22.1-9%2Bdeb12u3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2cu7-pyw5-t3dm"},{"vulnerability":"VCID-3czf-dtzg-8kdm"},{"vulnerability":"VCID-5781-s1ny-q7ey"},{"vulnerability":"VCID-fmvd-vyt7-mkfk"},{"vulnerability":"VCID-kpjx-rrjs-subs"},{"vulnerability":"VCID-sxf9-qr1j-u3et"},{"vulnerability":"VCID-z3xb-4krg-rbae"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.22.1-9%252Bdeb12u3"}],"aliases":["CVE-2020-36309"],"risk_score":null,"exploitability":"0.5","weighted_severity":"0.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-y3tg-7fge-1yfy"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/83977?format=json","vulnerability_id":"VCID-yu2j-f4q9-bbcx","summary":"nginx: buffer overflow in ngx_gmtime() triggered by 5 digit years","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json","reference_id":"","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-20005.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2017-20005","reference_id":"","reference_type":"","scores":[{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87118","published_at":"2026-04-13T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87065","published_at":"2026-04-01T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87075","published_at":"2026-04-02T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87094","published_at":"2026-04-04T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87087","published_at":"2026-04-07T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87108","published_at":"2026-04-08T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87115","published_at":"2026-04-09T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87128","published_at":"2026-04-11T12:55:00Z"},{"value":"0.0325","scoring_system":"epss","scoring_elements":"0.87123","published_at":"2026-04-12T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2017-20005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-20005"},{"reference_url":"https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf","reference_id":"0206ebe76f748bb39d9de4dd4b3fce777fdfdccf","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://github.com/nginx/nginx/commit/0206ebe76f748bb39d9de4dd4b3fce777fdfdccf"},{"reference_url":"https://trac.nginx.org/nginx/ticket/1368","reference_id":"1368","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://trac.nginx.org/nginx/ticket/1368"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974192","reference_id":"1974192","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1974192"},{"reference_url":"https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b","reference_id":"b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://github.com/nginx/nginx/commit/b900cc28fcbb4cf5a32ab62f80b59292e1c85b4b"},{"reference_url":"http://nginx.org/en/CHANGES","reference_id":"CHANGES","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"http://nginx.org/en/CHANGES"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html","reference_id":"msg00009.html","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2021/06/msg00009.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20210805-0006/","reference_id":"ntap-20210805-0006","reference_type":"","scores":[{"value":"9.8","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-12-04T13:25:48Z/"}],"url":"https://security.netapp.com/advisory/ntap-20210805-0006/"},{"reference_url":"https://usn.ubuntu.com/5109-1/","reference_id":"USN-5109-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/5109-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/1037901?format=json","purl":"pkg:deb/debian/nginx@1.14.2-2%2Bdeb10u4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-22cq-z7km-cfdc"},{"vulnerability":"VCID-36pf-ddpb-3khs"},{"vulnerability":"VCID-3ysf-pvuu-47bs"},{"vulnerability":"VCID-9hzg-r1fj-pubf"},{"vulnerability":"VCID-c4ta-jqmg-wfgf"},{"vulnerability":"VCID-c9ym-ckeq-63dq"},{"vulnerability":"VCID-cbn4-utmp-n7ba"},{"vulnerability":"VCID-dmv4-ydq9-a7eq"},{"vulnerability":"VCID-eb23-pd25-yqg3"},{"vulnerability":"VCID-kcsp-h1s5-wbea"},{"vulnerability":"VCID-u8aq-2qhu-gff5"},{"vulnerability":"VCID-wc3j-5xmu-kyex"},{"vulnerability":"VCID-y3tg-7fge-1yfy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@1.14.2-2%252Bdeb10u4"}],"aliases":["CVE-2017-20005"],"risk_score":4.4,"exploitability":"0.5","weighted_severity":"8.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yu2j-f4q9-bbcx"}],"fixing_vulnerabilities":[],"risk_score":"10.0","resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/nginx@0.6.32-3%252Blenny3"}