Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/5855?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "type": "deb", "namespace": "debian", "name": "nss", "version": "2:3.61-1+deb11u3", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": null, "latest_non_vulnerable_version": null, "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1577?format=api", "vulnerability_id": "VCID-1btz-x11h-wbe3", "summary": "Empty or malformed p256-ECDH public keys may trigger a segmentation fault due to values being improperly sanitized before being copied into memory and used.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11729" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22", "reference_id": "mfsa2019-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23", "reference_id": "mfsa2019-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11729" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1btz-x11h-wbe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1580?format=api", "vulnerability_id": "VCID-9wkp-gr2p-kuda", "summary": "When importing a curve25519 private key in PKCS#8 format with leading 0x00 bytes, it is possible to trigger an out-of-bounds read in the Network Security Services (NSS) library. 
This could lead to information disclosure.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11719" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22", "reference_id": "mfsa2019-22", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-22" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23", "reference_id": "mfsa2019-23", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-23" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" } ], "fixed_packages": [ { "url": 
"http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11719" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9wkp-gr2p-kuda" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1151?format=api", "vulnerability_id": "VCID-bw2w-68hs-3bcd", "summary": "After a HelloRetryRequest has been sent, the client may negotiate a lower protocol than TLS 1.3, resulting in an invalid state transition in the TLS State Machine. If the client gets into this state, incoming Application Data records will be ignored.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://security.archlinux.org/ASA-202001-1", "reference_id": "ASA-202001-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202001-1" }, { "reference_url": "https://security.archlinux.org/AVG-1084", 
"reference_id": "AVG-1084", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1084" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01", "reference_id": "mfsa2020-01", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-17023" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bw2w-68hs-3bcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1091?format=api", "vulnerability_id": "VCID-kzju-7twc-fya8", "summary": "NSS has shown timing differences when performing DSA signatures, which was exploitable and could eventually leak private keys.", 
"references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12398" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12405" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12406" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12410" }, { "reference_url": "https://security.archlinux.org/ASA-202006-1", "reference_id": "ASA-202006-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-1" }, { "reference_url": "https://security.archlinux.org/ASA-202006-4", "reference_id": 
"ASA-202006-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202006-4" }, { "reference_url": "https://security.archlinux.org/AVG-1173", "reference_id": "AVG-1173", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1173" }, { "reference_url": "https://security.archlinux.org/AVG-1179", "reference_id": "AVG-1179", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1179" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20", "reference_id": "mfsa2020-20", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-20" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21", "reference_id": "mfsa2020-21", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22", "reference_id": "mfsa2020-22", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-22" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": 
"VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12399" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kzju-7twc-fya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1170?format=api", "vulnerability_id": "VCID-m314-1d92-fke4", "summary": "When performing EC scalar point multiplication, the wNAF point multiplication algorithm was used; which leaked partial information about the nonce used during signature generation. 
Given an electro-magnetic trace of a few signature generations, the private key could have been computed.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6829" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-6829" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m314-1d92-fke4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1171?format=api", "vulnerability_id": "VCID-phzc-3ex9-4bf7", "summary": "When converting coordinates from projective to affine, the modular inversion was not performed in constant time, resulting in a possible timing-based side channel attack.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12400" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12400" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-phzc-3ex9-4bf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1169?format=api", "vulnerability_id": "VCID-qpmv-44r5-tqby", "summary": "During ECDSA signature generation, padding applied in the nonce designed to ensure constant-time scalar multiplication was removed, resulting in variable-time execution dependent on secret data.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12401" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36", "reference_id": "mfsa2020-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-36" }, { 
"reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39", "reference_id": "mfsa2020-39", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-39" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12401" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qpmv-44r5-tqby" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1236?format=api", "vulnerability_id": "VCID-rc8a-n1r3-v7a1", "summary": "During RSA key generation, bignum implementations used a variation of the Binary Extended Euclidean Algorithm which entailed significantly input-dependent flow. This allowed an attacker able to perform electromagnetic-based side channel attacks to record traces leading to the recovery of the secret primes. 
We would like to thank Sohaib ul Hassan for contributing a fix for this issue as well. *Note:* An unmodified Firefox browser does not generate RSA keys in normal operation and is not affected, but products built on top of it might.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17006" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17023" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12399" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-12402" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-24", "reference_id": "mfsa2020-24", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-24" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29", "reference_id": "mfsa2020-29", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2020-29" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": 
"VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2020-12402" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rc8a-n1r3-v7a1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1598?format=api", "vulnerability_id": "VCID-rfpm-yp1s-y3ft", "summary": "When encrypting with a block cipher, if a call to NSC_EncryptUpdate was made with data smaller than the block size, a small out of bounds write could occur. 
This could have caused heap corruption and a potentially exploitable crash.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11745" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17007" }, { "reference_url": "https://security.archlinux.org/ASA-201912-1", "reference_id": "ASA-201912-1", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-1" }, { "reference_url": "https://security.archlinux.org/ASA-201912-2", "reference_id": "ASA-201912-2", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201912-2" }, { "reference_url": "https://security.archlinux.org/AVG-1071", "reference_id": "AVG-1071", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1071" }, { "reference_url": "https://security.archlinux.org/AVG-1072", "reference_id": "AVG-1072", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1072" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36", "reference_id": "mfsa2019-36", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-36" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-37", "reference_id": "mfsa2019-37", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": 
"https://www.mozilla.org/en-US/security/advisories/mfsa2019-37" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38", "reference_id": "mfsa2019-38", "reference_type": "", "scores": [ { "value": "high", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-38" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5252?format=api", "purl": "pkg:deb/debian/nss@2:3.42.1-1%2Bdeb10u5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1btz-x11h-wbe3" }, { "vulnerability": "VCID-9wkp-gr2p-kuda" }, { "vulnerability": "VCID-bw2w-68hs-3bcd" }, { "vulnerability": "VCID-kzju-7twc-fya8" }, { "vulnerability": "VCID-m314-1d92-fke4" }, { "vulnerability": "VCID-phzc-3ex9-4bf7" }, { "vulnerability": "VCID-qpmv-44r5-tqby" }, { "vulnerability": "VCID-rc8a-n1r3-v7a1" }, { "vulnerability": "VCID-rfpm-yp1s-y3ft" }, { "vulnerability": "VCID-xavu-ygkk-u3fn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.42.1-1%252Bdeb10u5" }, { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11745" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rfpm-yp1s-y3ft" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/1637?format=api", "vulnerability_id": "VCID-xavu-ygkk-u3fn", "summary": "A vulnerability exists where it is possible to force Network Security Services (NSS) to sign CertificateVerify with PKCS#1 v1.5 signatures when those are the only ones advertised by server in CertificateRequest in TLS 1.3. 
PKCS#1 v1.5 signatures should not be used for TLS 1.3 messages.", "references": [ { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11727" }, { "reference_url": "https://security.archlinux.org/ASA-201907-4", "reference_id": "ASA-201907-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201907-4" }, { "reference_url": "https://security.archlinux.org/AVG-1002", "reference_id": "AVG-1002", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1002" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21", "reference_id": "mfsa2019-21", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-21" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28", "reference_id": "mfsa2019-28", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2019-28" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/5855?format=api", "purl": "pkg:deb/debian/nss@2:3.61-1%2Bdeb11u3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" } ], "aliases": [ "CVE-2019-11727" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xavu-ygkk-u3fn" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/nss@2:3.61-1%252Bdeb11u3" }