| 0 |
| url |
VCID-1teg-yvuy-4kga |
| vulnerability_id |
VCID-1teg-yvuy-4kga |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could lead to information disclosure or denial of service. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2022-46392 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42122 |
| published_at |
2026-04-09T12:55:00Z |
|
| 1 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42094 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42133 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42081 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42106 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42143 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.4211 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.002 |
| scoring_system |
epss |
| scoring_elements |
0.42059 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00213 |
| scoring_system |
epss |
| scoring_elements |
0.43872 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2022-46392 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
|
| aliases |
CVE-2022-46392
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-1teg-yvuy-4kga |
|
| 1 |
| url |
VCID-4y36-8tq3-abg6 |
| vulnerability_id |
VCID-4y36-8tq3-abg6 |
| summary |
An issue was discovered in Arm Mbed TLS before 2.16.6 and 2.7.x before 2.7.15. An attacker that can get precise enough side-channel measurements can recover the long-term ECDSA private key by (1) reconstructing the projective coordinate of the result of scalar multiplication by exploiting side channels in the conversion to affine coordinates; (2) using an attack described by Naccache, Smart, and Stern in 2003 to recover a few bits of the ephemeral scalar from those projective coordinates via several measurements; and (3) using a lattice attack to get from there to the long-term ECDSA private key used for the signatures. Typically an attacker would have sufficient access when attacking an SGX enclave and controlling the untrusted OS. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10932 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14488 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14591 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14483 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14646 |
| published_at |
2026-04-01T12:55:00Z |
|
| 4 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14696 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.1477 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14576 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14665 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14725 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14685 |
| published_at |
2026-04-11T12:55:00Z |
|
| 10 |
| value |
0.00047 |
| scoring_system |
epss |
| scoring_elements |
0.14647 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10932 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-10932
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-4y36-8tq3-abg6 |
|
| 2 |
| url |
VCID-5e8e-tdjb-f7c4 |
| vulnerability_id |
VCID-5e8e-tdjb-f7c4 |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36425 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69161 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69177 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69198 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69179 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69229 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69248 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.6927 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69256 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69227 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69266 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00592 |
| scoring_system |
epss |
| scoring_elements |
0.69274 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36425 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36425
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5e8e-tdjb-f7c4 |
|
| 3 |
| url |
VCID-5x2e-paq2-nyf9 |
| vulnerability_id |
VCID-5x2e-paq2-nyf9 |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44732 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76051 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76054 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76087 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76067 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76101 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76115 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.7614 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76116 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76113 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76154 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00931 |
| scoring_system |
epss |
| scoring_elements |
0.76158 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-44732 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
|
| aliases |
CVE-2021-44732
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5x2e-paq2-nyf9 |
|
| 4 |
| url |
VCID-71u1-k3yx-pfgx |
| vulnerability_id |
VCID-71u1-k3yx-pfgx |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36421 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66574 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66614 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.6664 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66611 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66659 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66673 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66692 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66679 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66647 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66682 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00516 |
| scoring_system |
epss |
| scoring_elements |
0.66696 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36421 |
|
| 1 |
|
| 2 |
|
| 3 |
| reference_url |
https://bugs.gentoo.org/730752 |
| reference_id |
730752 |
| reference_type |
|
| scores |
| 0 |
| value |
5.3 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-03T16:11:06Z/ |
|
|
| url |
https://bugs.gentoo.org/730752 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36421
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-71u1-k3yx-pfgx |
|
| 5 |
| url |
VCID-7ppw-f9jy-k7ae |
| vulnerability_id |
VCID-7ppw-f9jy-k7ae |
| summary |
Mbed TLS before 3.6.4 has a PEM parsing one-byte heap-based buffer underflow, in mbedtls_pem_read_buffer and two mbedtls_pk_parse functions, via untrusted PEM input. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-52497 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25899 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.26008 |
| published_at |
2026-04-09T12:55:00Z |
|
| 2 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.26018 |
| published_at |
2026-04-11T12:55:00Z |
|
| 3 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25918 |
| published_at |
2026-04-16T12:55:00Z |
|
| 4 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.26081 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.26121 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25887 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00092 |
| scoring_system |
epss |
| scoring_elements |
0.25957 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00094 |
| scoring_system |
epss |
| scoring_elements |
0.26249 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00094 |
| scoring_system |
epss |
| scoring_elements |
0.26308 |
| published_at |
2026-04-12T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-52497 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
| 1 |
|
|
| aliases |
CVE-2025-52497
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7ppw-f9jy-k7ae |
|
| 6 |
| url |
VCID-7v3a-5q44-cucz |
| vulnerability_id |
VCID-7v3a-5q44-cucz |
| summary |
Mbed TLS before 3.6.4 has a NULL pointer dereference because mbedtls_asn1_store_named_data can trigger conflicting data with val.p of NULL but val.len greater than zero. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48965 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09613 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.00033 |
| scoring_system |
epss |
| scoring_elements |
0.09562 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13755 |
| published_at |
2026-04-08T12:55:00Z |
|
| 3 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13673 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13806 |
| published_at |
2026-04-09T12:55:00Z |
|
| 5 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13774 |
| published_at |
2026-04-11T12:55:00Z |
|
| 6 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13737 |
| published_at |
2026-04-12T12:55:00Z |
|
| 7 |
| value |
0.00045 |
| scoring_system |
epss |
| scoring_elements |
0.13688 |
| published_at |
2026-04-13T12:55:00Z |
|
| 8 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18643 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.0006 |
| scoring_system |
epss |
| scoring_elements |
0.18655 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-48965 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
| 1 |
|
|
| aliases |
CVE-2025-48965
|
| risk_score |
1.8 |
| exploitability |
0.5 |
| weighted_severity |
3.6 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7v3a-5q44-cucz |
|
| 7 |
| url |
VCID-8vmc-tp28-wyae |
| vulnerability_id |
VCID-8vmc-tp28-wyae |
| summary |
In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level (administrator) attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single stepped, especially Intel SGX. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-24119 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71557 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71468 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71475 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71492 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71464 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71505 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71517 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71539 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71524 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71506 |
| published_at |
2026-04-13T12:55:00Z |
|
| 10 |
| value |
0.00677 |
| scoring_system |
epss |
| scoring_elements |
0.71552 |
| published_at |
2026-04-16T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-24119 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
|
| aliases |
CVE-2021-24119
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8vmc-tp28-wyae |
|
| 8 |
| url |
VCID-9236-axrw-8qc4 |
| vulnerability_id |
VCID-9236-axrw-8qc4 |
| summary |
Arm Mbed TLS before 2.16.5 allows attackers to obtain sensitive information (an RSA private key) by measuring cache usage during an import. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10941 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.7215 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72142 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72057 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72063 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72084 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.7206 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72098 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72109 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72132 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72117 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00705 |
| scoring_system |
epss |
| scoring_elements |
0.72102 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-10941 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-10941
|
| risk_score |
2.6 |
| exploitability |
0.5 |
| weighted_severity |
5.3 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-9236-axrw-8qc4 |
|
| 9 |
| url |
VCID-987j-wtrr-7beu |
| vulnerability_id |
VCID-987j-wtrr-7beu |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36424 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32626 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32761 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32797 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32618 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32665 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32691 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32692 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32655 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32627 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00131 |
| scoring_system |
epss |
| scoring_elements |
0.32642 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36424 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36424
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-987j-wtrr-7beu |
|
| 10 |
| url |
VCID-98cg-wuhp-qudq |
| vulnerability_id |
VCID-98cg-wuhp-qudq |
| summary |
Mbed TLS before 3.6.4 allows a use-after-free in certain situations of applications that are developed in accordance with the documentation. The function mbedtls_x509_string_to_names() takes a head argument that is documented as an output argument. The documentation does not suggest that the function will free that pointer; however, the function does call mbedtls_asn1_free_named_data_list() on that argument, which performs a deep free(). As a result, application code that uses this function (relying only on documented behavior) is likely to still hold pointers to the memory blocks that were freed, resulting in a high risk of use-after-free or double-free. In particular, the two sample programs x509/cert_write and x509/cert_req are affected (use-after-free if the san string contains more than one DN). |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-47917 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0361 |
| scoring_system |
epss |
| scoring_elements |
0.87753 |
| published_at |
2026-04-04T12:55:00Z |
|
| 1 |
| value |
0.0361 |
| scoring_system |
epss |
| scoring_elements |
0.87739 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.04351 |
| scoring_system |
epss |
| scoring_elements |
0.88959 |
| published_at |
2026-04-18T12:55:00Z |
|
| 3 |
| value |
0.04351 |
| scoring_system |
epss |
| scoring_elements |
0.88955 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.04351 |
| scoring_system |
epss |
| scoring_elements |
0.88949 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.04351 |
| scoring_system |
epss |
| scoring_elements |
0.88948 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.04351 |
| scoring_system |
epss |
| scoring_elements |
0.88961 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.04351 |
| scoring_system |
epss |
| scoring_elements |
0.8892 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.04351 |
| scoring_system |
epss |
| scoring_elements |
0.88938 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.04351 |
| scoring_system |
epss |
| scoring_elements |
0.88943 |
| published_at |
2026-04-09T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-47917 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
| 1 |
|
|
| aliases |
CVE-2025-47917
|
| risk_score |
10.0 |
| exploitability |
2.0 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-98cg-wuhp-qudq |
|
| 11 |
| url |
VCID-ewrv-m6gm-y7hc |
| vulnerability_id |
VCID-ewrv-m6gm-y7hc |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-16150 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.22867 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.23012 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.22976 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.2292 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.23036 |
| published_at |
2026-04-02T12:55:00Z |
|
| 5 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.23081 |
| published_at |
2026-04-04T12:55:00Z |
|
| 6 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.2287 |
| published_at |
2026-04-07T12:55:00Z |
|
| 7 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.22942 |
| published_at |
2026-04-08T12:55:00Z |
|
| 8 |
| value |
0.00077 |
| scoring_system |
epss |
| scoring_elements |
0.22994 |
| published_at |
2026-04-09T12:55:00Z |
|
| 9 |
| value |
0.00078 |
| scoring_system |
epss |
| scoring_elements |
0.23115 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00078 |
| scoring_system |
epss |
| scoring_elements |
0.23107 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-16150 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-16150
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ewrv-m6gm-y7hc |
|
| 12 |
| url |
VCID-g7w2-d16t-8bd9 |
| vulnerability_id |
VCID-g7w2-d16t-8bd9 |
| summary |
The ECDSA signature implementation in ecdsa.c in Arm Mbed Crypto 2.1 and Mbed TLS through 2.19.1 does not reduce the blinded scalar before computing the inverse, which allows a local attacker to recover the private key via side-channel attacks. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18222 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31871 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31858 |
| published_at |
2026-04-01T12:55:00Z |
|
| 2 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31986 |
| published_at |
2026-04-02T12:55:00Z |
|
| 3 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.32027 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31847 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31899 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31928 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31933 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.31893 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00126 |
| scoring_system |
epss |
| scoring_elements |
0.3186 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-18222 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2019-18222
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-g7w2-d16t-8bd9 |
|
| 13 |
| url |
VCID-jcnd-yb5z-p7d3 |
| vulnerability_id |
VCID-jcnd-yb5z-p7d3 |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36422 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.5662 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56716 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56737 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56715 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56766 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56771 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.5678 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56757 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56736 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56767 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.0034 |
| scoring_system |
epss |
| scoring_elements |
0.56764 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36422 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36422
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-jcnd-yb5z-p7d3 |
|
| 14 |
| url |
VCID-rqxq-rqxu-4fes |
| vulnerability_id |
VCID-rqxq-rqxu-4fes |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36475 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.7669 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76694 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76723 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76705 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76737 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76748 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76776 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76756 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76789 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00979 |
| scoring_system |
epss |
| scoring_elements |
0.76794 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36475 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36475
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rqxq-rqxu-4fes |
|
| 15 |
| url |
VCID-s1qx-e7uw-c3eq |
| vulnerability_id |
VCID-s1qx-e7uw-c3eq |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36476 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71525 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71532 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71549 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71522 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71562 |
| published_at |
2026-04-13T12:55:00Z |
|
| 5 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71573 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71596 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.7158 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71606 |
| published_at |
2026-04-16T12:55:00Z |
|
| 9 |
| value |
0.00679 |
| scoring_system |
epss |
| scoring_elements |
0.71611 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36476 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36476
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-s1qx-e7uw-c3eq |
|
| 16 |
| url |
VCID-svsq-har4-dyen |
| vulnerability_id |
VCID-svsq-har4-dyen |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36423 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.004 |
| scoring_system |
epss |
| scoring_elements |
0.60748 |
| published_at |
2026-04-12T12:55:00Z |
|
| 1 |
| value |
0.004 |
| scoring_system |
epss |
| scoring_elements |
0.60729 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.004 |
| scoring_system |
epss |
| scoring_elements |
0.60703 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.004 |
| scoring_system |
epss |
| scoring_elements |
0.60673 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.004 |
| scoring_system |
epss |
| scoring_elements |
0.60722 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.004 |
| scoring_system |
epss |
| scoring_elements |
0.60737 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.004 |
| scoring_system |
epss |
| scoring_elements |
0.60761 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00663 |
| scoring_system |
epss |
| scoring_elements |
0.7122 |
| published_at |
2026-04-18T12:55:00Z |
|
| 8 |
| value |
0.00663 |
| scoring_system |
epss |
| scoring_elements |
0.71128 |
| published_at |
2026-04-02T12:55:00Z |
|
| 9 |
| value |
0.00663 |
| scoring_system |
epss |
| scoring_elements |
0.71213 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00663 |
| scoring_system |
epss |
| scoring_elements |
0.71118 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36423 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36423
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-svsq-har4-dyen |
|
| 17 |
| url |
VCID-t2j5-4x1d-2kb1 |
| vulnerability_id |
VCID-t2j5-4x1d-2kb1 |
| summary |
Use of a Broken or Risky Cryptographic Algorithm in the function mbedtls_mpi_exp_mod() in lignum.c in Mbed TLS Mbed TLS all versions before 3.0.0, 2.27.0 or 2.16.11 allows attackers with access to precise enough timing and memory access information (typically an untrusted operating system attacking a secure enclave such as SGX or the TrustZone secure world) to recover the private keys used in RSA. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36647 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12093 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12294 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12269 |
| published_at |
2026-04-09T12:55:00Z |
|
| 3 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12276 |
| published_at |
2026-04-11T12:55:00Z |
|
| 4 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12238 |
| published_at |
2026-04-12T12:55:00Z |
|
| 5 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12202 |
| published_at |
2026-04-13T12:55:00Z |
|
| 6 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.1209 |
| published_at |
2026-04-16T12:55:00Z |
|
| 7 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12178 |
| published_at |
2026-04-01T12:55:00Z |
|
| 8 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.1234 |
| published_at |
2026-04-04T12:55:00Z |
|
| 9 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12139 |
| published_at |
2026-04-07T12:55:00Z |
|
| 10 |
| value |
0.0004 |
| scoring_system |
epss |
| scoring_elements |
0.12219 |
| published_at |
2026-04-08T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-36647 |
|
| 1 |
|
| 2 |
| reference_url |
https://kouzili.com/Load-Step.pdf |
| reference_id |
Load-Step.pdf |
| reference_type |
|
| scores |
| 0 |
| value |
4.7 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
|
| 1 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-04-08T20:30:16Z/ |
|
|
| url |
https://kouzili.com/Load-Step.pdf |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
|
| aliases |
CVE-2021-36647
|
| risk_score |
2.1 |
| exploitability |
0.5 |
| weighted_severity |
4.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-t2j5-4x1d-2kb1 |
|
| 18 |
| url |
VCID-x5we-9dmz-p7bh |
| vulnerability_id |
VCID-x5we-9dmz-p7bh |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43666 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72354 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72263 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72316 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72302 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72345 |
| published_at |
2026-04-16T12:55:00Z |
|
| 5 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72257 |
| published_at |
2026-04-01T12:55:00Z |
|
| 6 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72283 |
| published_at |
2026-04-04T12:55:00Z |
|
| 7 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72259 |
| published_at |
2026-04-07T12:55:00Z |
|
| 8 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72297 |
| published_at |
2026-04-08T12:55:00Z |
|
| 9 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.7231 |
| published_at |
2026-04-09T12:55:00Z |
|
| 10 |
| value |
0.00713 |
| scoring_system |
epss |
| scoring_elements |
0.72332 |
| published_at |
2026-04-11T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2021-43666 |
|
| 1 |
|
| 2 |
|
| 3 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
|
| aliases |
CVE-2021-43666
|
| risk_score |
3.4 |
| exploitability |
0.5 |
| weighted_severity |
6.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x5we-9dmz-p7bh |
|
| 19 |
| url |
VCID-x682-agtt-myf1 |
| vulnerability_id |
VCID-x682-agtt-myf1 |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36478 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66677 |
| published_at |
2026-04-01T12:55:00Z |
|
| 1 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66717 |
| published_at |
2026-04-02T12:55:00Z |
|
| 2 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66743 |
| published_at |
2026-04-04T12:55:00Z |
|
| 3 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66716 |
| published_at |
2026-04-07T12:55:00Z |
|
| 4 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66764 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.6678 |
| published_at |
2026-04-09T12:55:00Z |
|
| 6 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.668 |
| published_at |
2026-04-11T12:55:00Z |
|
| 7 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66787 |
| published_at |
2026-04-12T12:55:00Z |
|
| 8 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66757 |
| published_at |
2026-04-13T12:55:00Z |
|
| 9 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66791 |
| published_at |
2026-04-16T12:55:00Z |
|
| 10 |
| value |
0.00518 |
| scoring_system |
epss |
| scoring_elements |
0.66805 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36478 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36478
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-x682-agtt-myf1 |
|
| 20 |
| url |
VCID-ydp2-phc9-m7b1 |
| vulnerability_id |
VCID-ydp2-phc9-m7b1 |
| summary |
Arm Mbed TLS before 2.19.0 and Arm Mbed Crypto before 2.0.0, when deterministic ECDSA is enabled, use an RNG with insufficient entropy for blinding, which might allow an attacker to recover a private key via side-channel attacks if a victim signs the same message many times. (For Mbed TLS, the fix is also available in versions 2.7.12 and 2.16.3.) |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2019-16910 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.76061 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.76058 |
| published_at |
2026-04-16T12:55:00Z |
|
| 2 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.75959 |
| published_at |
2026-04-01T12:55:00Z |
|
| 3 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.75962 |
| published_at |
2026-04-02T12:55:00Z |
|
| 4 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.75994 |
| published_at |
2026-04-04T12:55:00Z |
|
| 5 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.75974 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.76006 |
| published_at |
2026-04-08T12:55:00Z |
|
| 7 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.76021 |
| published_at |
2026-04-09T12:55:00Z |
|
| 8 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.76046 |
| published_at |
2026-04-11T12:55:00Z |
|
| 9 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.76023 |
| published_at |
2026-04-12T12:55:00Z |
|
| 10 |
| value |
0.00925 |
| scoring_system |
epss |
| scoring_elements |
0.76018 |
| published_at |
2026-04-13T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2019-16910 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2019-16910
|
| risk_score |
2.4 |
| exploitability |
0.5 |
| weighted_severity |
4.8 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-ydp2-phc9-m7b1 |
|
| 21 |
| url |
VCID-zpq1-dwvf-8ka2 |
| vulnerability_id |
VCID-zpq1-dwvf-8ka2 |
| summary |
Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2025-52496 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09086 |
| published_at |
2026-04-02T12:55:00Z |
|
| 1 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.0917 |
| published_at |
2026-04-11T12:55:00Z |
|
| 2 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09375 |
| published_at |
2026-04-12T12:55:00Z |
|
| 3 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.0936 |
| published_at |
2026-04-13T12:55:00Z |
|
| 4 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09139 |
| published_at |
2026-04-08T12:55:00Z |
|
| 5 |
| value |
0.00032 |
| scoring_system |
epss |
| scoring_elements |
0.09059 |
| published_at |
2026-04-07T12:55:00Z |
|
| 6 |
| value |
0.00038 |
| scoring_system |
epss |
| scoring_elements |
0.11293 |
| published_at |
2026-04-18T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2025-52496 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.28.3-1 |
| purl |
pkg:deb/debian/mbedtls@2.28.3-1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-4sbv-dqyv-6baw |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 3 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 4 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 5 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 6 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 7 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 8 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 9 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 10 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 11 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 12 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.28.3-1 |
|
| 1 |
|
|
| aliases |
CVE-2025-52496
|
| risk_score |
3.5 |
| exploitability |
0.5 |
| weighted_severity |
7.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zpq1-dwvf-8ka2 |
|
| 22 |
| url |
VCID-zyge-82z3-33eq |
| vulnerability_id |
VCID-zyge-82z3-33eq |
| summary |
Multiple vulnerabilities have been discovered in Mbed TLS, the worst of which could result in arbitrary code execution. |
| references |
| 0 |
| reference_url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36426 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77442 |
| published_at |
2026-04-18T12:55:00Z |
|
| 1 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77404 |
| published_at |
2026-04-13T12:55:00Z |
|
| 2 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77443 |
| published_at |
2026-04-16T12:55:00Z |
|
| 3 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77381 |
| published_at |
2026-04-04T12:55:00Z |
|
| 4 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77362 |
| published_at |
2026-04-07T12:55:00Z |
|
| 5 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77392 |
| published_at |
2026-04-08T12:55:00Z |
|
| 6 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77401 |
| published_at |
2026-04-09T12:55:00Z |
|
| 7 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77427 |
| published_at |
2026-04-11T12:55:00Z |
|
| 8 |
| value |
0.01037 |
| scoring_system |
epss |
| scoring_elements |
0.77407 |
| published_at |
2026-04-12T12:55:00Z |
|
| 9 |
| value |
0.01043 |
| scoring_system |
epss |
| scoring_elements |
0.77417 |
| published_at |
2026-04-02T12:55:00Z |
|
| 10 |
| value |
0.01043 |
| scoring_system |
epss |
| scoring_elements |
0.7741 |
| published_at |
2026-04-01T12:55:00Z |
|
|
| url |
https://api.first.org/data/v1/epss?cve=CVE-2020-36426 |
|
| 1 |
|
| 2 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| purl |
pkg:deb/debian/mbedtls@2.16.9-0.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-1teg-yvuy-4kga |
|
| 1 |
| vulnerability |
VCID-5bxk-rknm-zfhc |
|
| 2 |
| vulnerability |
VCID-5x2e-paq2-nyf9 |
|
| 3 |
| vulnerability |
VCID-7ppw-f9jy-k7ae |
|
| 4 |
| vulnerability |
VCID-7v3a-5q44-cucz |
|
| 5 |
| vulnerability |
VCID-8vmc-tp28-wyae |
|
| 6 |
| vulnerability |
VCID-98cg-wuhp-qudq |
|
| 7 |
| vulnerability |
VCID-f1fz-b8b6-dfb8 |
|
| 8 |
| vulnerability |
VCID-gvkn-6e2m-dyez |
|
| 9 |
| vulnerability |
VCID-k8w1-nrjy-wfbe |
|
| 10 |
| vulnerability |
VCID-kchn-2wez-bbb2 |
|
| 11 |
| vulnerability |
VCID-pj6w-rufw-nqgd |
|
| 12 |
| vulnerability |
VCID-t2j5-4x1d-2kb1 |
|
| 13 |
| vulnerability |
VCID-vp4q-81cq-33cw |
|
| 14 |
| vulnerability |
VCID-vs6q-c4ug-xfer |
|
| 15 |
| vulnerability |
VCID-wsvw-6tmk-3kdj |
|
| 16 |
| vulnerability |
VCID-x5we-9dmz-p7bh |
|
| 17 |
| vulnerability |
VCID-zpq1-dwvf-8ka2 |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:deb/debian/mbedtls@2.16.9-0.1 |
|
|
| aliases |
CVE-2020-36426
|
| risk_score |
null |
| exploitability |
0.5 |
| weighted_severity |
0.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-zyge-82z3-33eq |
|