{"url":"http://public2.vulnerablecode.io/api/packages/95781?format=json","purl":"pkg:deb/debian/netbeans@12.1-3?distro=trixie","type":"deb","namespace":"debian","name":"netbeans","version":"12.1-3","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":null,"latest_non_vulnerable_version":null,"affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/64991?format=json","vulnerability_id":"VCID-6a1t-yvxj-vkbm","summary":"Unspecified vulnerability in the NetBeans component in Oracle Fusion Middleware 8.1 allows local users to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the previous information is from the October 2016 CPU. Oracle has not commented on third-party claims that this issue is a directory traversal vulnerability which allows local users with certain permissions to write to arbitrary files and consequently gain privileges via a .. (dot dot) in a archive entry in a ZIP file imported as a 
project.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5537","reference_id":"","reference_type":"","scores":[{"value":"0.00123","scoring_system":"epss","scoring_elements":"0.3101","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-5537"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5537","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5537"},{"reference_url":"http://www.securitytracker.com/id/1037051","reference_id":"1037051","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:49:31Z/"}],"url":"http://www.securitytracker.com/id/1037051"},{"reference_url":"https://www.exploit-db.com/exploits/40588/","reference_id":"40588","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:49:31Z/"}],"url":"https://www.exploit-db.com/exploits/40588/"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852029","reference_id":"852029","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852029"},{"reference_url":"http://www.securityfocus.com/bid/93686","reference_id":"93686","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:49:31Z/"}],"url":"http://www.securityfocus.com/bid/93686"},{"reference_url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html","reference_id":"cpuoct2016-2881722.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:49:31Z/"}],"url":"http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"},{"reference_url":"http://packetstormsecurity.com/files/13
9259/Oracle-Netbeans-IDE-8.1-Directory-Traversal.html","reference_id":"Oracle-Netbeans-IDE-8.1-Directory-Traversal.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:49:31Z/"}],"url":"http://packetstormsecurity.com/files/139259/Oracle-Netbeans-IDE-8.1-Directory-Traversal.html"},{"reference_url":"http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt","reference_id":"ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:49:31Z/"}],"url":"http://hyp3rlinx.altervista.org/advisories/ORACLE-NETBEANS-IDE-DIRECTORY-TRAVERSAL.txt"},{"reference_url":"http://www.securityfocus.com/archive/1/539615/100/0/threaded","reference_id":"threaded","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-10-10T17:49:31Z/"}],"url":"http://www.securityfocus.com/archive/1/539615/100/0/threaded"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95782?format=json","purl":"pkg:deb/debian/netbeans@10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95781?format=json","purl":"pkg:deb/debian/netbeans@12.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@12.1-3%3Fdistro=trixie"}],"aliases":["CVE-2016-5537"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-6a1t-yvxj-vkbm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/206253?format=json","vulnerability_id":"VCID-g
mrj-vn6a-akac","summary":"Apache NetBeans (incubating) 9.0 NetBeans Proxy Auto-Configuration (PAC) interpretation is vulnerable for remote command execution (RCE). Using the nashorn script engine the environment of the javascript execution for the Proxy Auto-Configuration leaks privileged objects, that can be used to circumvent the execution limits. If a different script engine was used, no execution limits were in place. Both vectors allow remote code execution.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17191","reference_id":"","reference_type":"","scores":[{"value":"0.03031","scoring_system":"epss","scoring_elements":"0.8695","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2018-17191"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17191","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17191"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95782?format=json","purl":"pkg:deb/debian/netbeans@10.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@10.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95781?format=json","purl":"pkg:deb/debian/netbeans@12.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@12.1-3%3Fdistro=trixie"}],"aliases":["CVE-2018-17191"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gmrj-vn6a-akac"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207033?format=json","vulnerability_id":"VCID-hvv3-dhxq-7bhg","summary":"The \"Apache NetBeans\" autoupdate system does not fully validate code signatures. 
An attacker could modify the downloaded nbm and include additional code. \"Apache NetBeans\" versions up to and including 11.2 are affected by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17561","reference_id":"","reference_type":"","scores":[{"value":"0.0073","scoring_system":"epss","scoring_elements":"0.73123","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17561"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17561","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17561"},{"reference_url":"https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/rb218aa720fc525f63d91761fbf67854f454ce7a697dbbee2001ae8b1%40%3Cdev.netbeans.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17561","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"},{"value":"HIGH","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17561"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95783?format=json","purl":"pkg:deb/debian/netbeans@12.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@12.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95781?format=json","purl":"pkg:deb/debian/netbeans@12.1-3?distro=trixie","is_vulnerable":fa
lse,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@12.1-3%3Fdistro=trixie"}],"aliases":["CVE-2019-17561","GHSA-cf8q-j9h3-7237"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hvv3-dhxq-7bhg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/196888?format=json","vulnerability_id":"VCID-myn4-yc8z-rkge","summary":"arbitrary code execution","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11986","reference_id":"","reference_type":"","scores":[{"value":"0.05128","scoring_system":"epss","scoring_elements":"0.90071","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-11986"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11986","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11986"},{"reference_url":"https://security.archlinux.org/ASA-202009-7","reference_id":"ASA-202009-7","reference_type":"","scores":[],"url":"https://security.archlinux.org/ASA-202009-7"},{"reference_url":"https://security.archlinux.org/AVG-1221","reference_id":"AVG-1221","reference_type":"","scores":[{"value":"Critical","scoring_system":"archlinux","scoring_elements":""}],"url":"https://security.archlinux.org/AVG-1221"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95783?format=json","purl":"pkg:deb/debian/netbeans@12.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@12.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95781?format=json","purl":"pkg:deb/debian/netbeans@12.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/net
beans@12.1-3%3Fdistro=trixie"}],"aliases":["CVE-2020-11986"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-myn4-yc8z-rkge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/207032?format=json","vulnerability_id":"VCID-tb8f-1ne8-gbdq","summary":"The \"Apache NetBeans\" autoupdate system does not validate SSL certificates and hostnames for https based downloads. This allows an attacker to intercept downloads of autoupdates and modify the download, potentially injecting malicious code. \"Apache NetBeans\" versions up to and including 11.2 are affected by this vulnerability.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17560","reference_id":"","reference_type":"","scores":[{"value":"0.01555","scoring_system":"epss","scoring_elements":"0.81857","published_at":"2026-06-11T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2019-17560"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17560","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17560"},{"reference_url":"https://lists.apache.org/thread.html/r354d7654efa1050539fe56a3257696d1faeea4f3f9b633c29ec89609%40%3Cdev.netbeans.apache.org%3E","reference_id":"","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.apache.org/thread.html/r354d7654efa1050539fe56a3257696d1faeea4f3f9b633c29ec89609%40%3Cdev.netbeans.apache.org%3E"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17560","reference_id":"CVE-2019-17560","reference_type":"","scores":[{"value":"9.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"},{"value":"CRITICAL","scoring_system":"generic_text
ual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-17560"},{"reference_url":"https://github.com/advisories/GHSA-7c2m-vwxw-5qww","reference_id":"GHSA-7c2m-vwxw-5qww","reference_type":"","scores":[{"value":"CRITICAL","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-7c2m-vwxw-5qww"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/95783?format=json","purl":"pkg:deb/debian/netbeans@12.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@12.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/95781?format=json","purl":"pkg:deb/debian/netbeans@12.1-3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@12.1-3%3Fdistro=trixie"}],"aliases":["CVE-2019-17560","GHSA-7c2m-vwxw-5qww"],"risk_score":4.5,"exploitability":"0.5","weighted_severity":"9.0","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tb8f-1ne8-gbdq"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/netbeans@12.1-3%3Fdistro=trixie"}